Solaris 8 and mit kdc

fsoliv fsoliv at gmail.com
Thu Jun 30 07:10:31 EDT 2005 

Hello,

Thank you for your answers. I  have been out of the office this past
week and only now I had some time to get back to this issue.
Here is what is going on:

When I rlogin from solaris8 machines to solaris 8 machines with the command:
#/usr/krb5/bin/rlogin -F  usolaris8machine I get the error message:
#Unable to connect with Kerberos V5, trying normal rlogin
#Enter Kerberos password:

When I rlogin from linux machines  (/usr/kerberos/bin/rlogin -F 
solaris8machine) to solaris 8 machines I get :

#Couldn't authenticate to server: Bad application version was sent
(via sendauth)
#Trying krb4 rlogin...
#krb_sendauth failed: You have no tickets cached
#trying normal rlogin (/usr/bin/rlogin)
#/usr/bin/rlogin: invalid option -- F
#usage: rlogin [ -8EL] [-e char] [ -l username ] host 


Before typing this command I do kinit -f  username.

Also, i can't find a field in seam's krb5.conf file to configure the
location of the keytabs. I have  placed the krb5.keytab extracted from
a linux machine into /etc/krb5/.


Any help is appreatiated,

F.

On 6/21/05, Wyllys Ingersoll <wyllys.ingersoll at sun.com> wrote:
> fsoliv wrote:
> >  Thank you for your email. However, I need to use Solaris own kerberos
> >  implementation.
> >
> > >>> Hello,
> > >>>
> > >>> Can anyone refer a link with information in configuring
> > >>> kerberirezed rlogin in solaris8? I am using MIT-KDC 1.4.1 and
> > >>> SEAM on all solaris 8 clients. Also, how do I add a keytab to a
> > >>> solaris 8 machines. Should I create a file in a linux machine
> > >>> and then copy it ot the solaris 8 box? If so, where should I
> > >>> put the keytab?
> > >>>
> 
> If you configure the MIT-KDC to use the RPCSEC_GSS protocol,
> you should be able to use the SEAM 'kadmin' client to create keys
> and populate the keytab on the Solaris 8 client.
> 
> If you don't want to do that (or can't figure out how), you can create
> the keys on the KDC (using the MIT kadmin client tool) and then transfer
> them to the Solaris box via some secure protocol (such as SSH).
> 
> The main keys you need on the SEAM client system are the
> "host" principals for the client system:
> ex:    host/f.q.d.n at REALM
> 
> Also, if you want to use NFS with Solaris 8 SEAM you will
> also need to create nfs/f.q.d.n principals as well and possibly
> a "root/f.q.d.n" principal in order to use automount with secure
> NFS file systems.  All of this is well documented in the SEAM
> online documentation at docs.sun.com - look it up and search
> for SEAM.
> 
> Remember - the only keys that need to be in a keytab are those
> that are specific to that host.   One common misconception or
> mistake that people make is to put keys in the keytab on host A
> for services that only exist on other hosts. 
> 
> -Wyllys
> 
>

More information about the Kerberos mailing list