Using Solaris 10 kadmin with MIT 1.4.1 kadmind
Nicolas Williams
Nicolas.Williams at sun.com
Thu Jun 2 15:28:17 EDT 2005
Known bug.
Our RPCSEC_GSS APIs force us to use hostbased princs for the server, and
MIT krb5, though it now implements RPCSEC_GSS, did not match this behaviour.
On Thu, Jun 02, 2005 at 02:20:36PM -0500, Douglas E. Engert wrote:
> While trying to use the Solaris 10 Kerberos, most things in a mixed
> environment sort of work, but the kadmin does not.
>
> It appears that the Solaris 10 /usr/sbin/kadmin program is
> using the sun gss rpcs, and the MIT kadmind is not. The MIT kadmin
> is running on an older Solaris version.
>
> The kadmin gets a ticket for the admin doug/admin at TEST.REALM for
> kadmin/kdc.test.anl.gov at TEST.REALM as shown by the KDC logs.
>
> The Solaris 10 client says:
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> and syslog says:
> GSS-API error: rpc_gss_seccreate failed
> three times for the client.
>
> This looks similar to the thread from 5/26-27 on
> "mixing sun solaris's rpc with mit's rpc"
>
> Any one (especially at Sun) have a solution?
>
>
>
>
> --
>
> Douglas E. Engert <DEEngert at anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
More information about the Kerberos
mailing list