Solaris 8 and mit kdc
fsoliv
fsoliv at gmail.com
Thu Jun 30 07:10:31 EDT 2005
Hello,
Thank you for your answers. I have been out of the office this past
week and have only now had some time to get back to this issue.
Here is what is going on:
When I rlogin from Solaris 8 machines to Solaris 8 machines with the command:
#/usr/krb5/bin/rlogin -F usolaris8machine I get the error message:
#Unable to connect with Kerberos V5, trying normal rlogin
#Enter Kerberos password:
When I rlogin from Linux machines (/usr/kerberos/bin/rlogin -F
solaris8machine) to Solaris 8 machines I get:
#Couldn't authenticate to server: Bad application version was sent (via sendauth)
#Trying krb4 rlogin...
#krb_sendauth failed: You have no tickets cached
#trying normal rlogin (/usr/bin/rlogin)
#/usr/bin/rlogin: invalid option -- F
#usage: rlogin [ -8EL] [-e char] [ -l username ] host
Before typing this command I do kinit -f username.
Also, I can't find a field in SEAM's krb5.conf file to configure the
location of the keytabs. I have placed the krb5.keytab extracted from
a Linux machine into /etc/krb5/.
Any help is appreciated,
F.
On 6/21/05, Wyllys Ingersoll <wyllys.ingersoll at sun.com> wrote:
> fsoliv wrote:
> > Thank you for your email. However, I need to use Solaris' own Kerberos
> > implementation.
> >
> > >>> Hello,
> > >>>
> > >>> Can anyone refer a link with information on configuring
> > >>> kerberized rlogin in Solaris 8? I am using MIT-KDC 1.4.1 and
> > >>> SEAM on all Solaris 8 clients. Also, how do I add a keytab to a
> > >>> Solaris 8 machine? Should I create a file on a Linux machine
> > >>> and then copy it to the Solaris 8 box? If so, where should I
> > >>> put the keytab?
> > >>>
>
> If you configure the MIT-KDC to use the RPCSEC_GSS protocol,
> you should be able to use the SEAM 'kadmin' client to create keys
> and populate the keytab on the Solaris 8 client.
>
> If you don't want to do that (or can't figure out how), you can create
> the keys on the KDC (using the MIT kadmin client tool) and then transfer
> them to the Solaris box via some secure protocol (such as SSH).
>
> The main keys you need on the SEAM client system are the
> "host" principals for the client system:
> ex: host/f.q.d.n@REALM
>
> Also, if you want to use NFS with Solaris 8 SEAM you will
> also need to create nfs/f.q.d.n principals as well and possibly
> a "root/f.q.d.n" principal in order to use automount with secure
> NFS file systems. All of this is well documented in the SEAM
> online documentation at docs.sun.com - look it up and search
> for SEAM.
>
> Remember - the only keys that need to be in a keytab are those
> that are specific to that host. One common misconception or
> mistake that people make is to put keys in the keytab on host A
> for services that only exist on other hosts.
>
> -Wyllys
>
>
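
Added example, not part of the original thread: a shell check for the point in the quoted reply that a keytab should hold only keys specific to its own host. It assumes the MIT `klist -k` listing layout; the host names, realm and the helper names `sample_listing` and `foreign_keytab_entries` are constructed for illustration.

```shell
#!/bin/sh
# Flag keytab entries that do not belong to this host.
# Input: text in the layout printed by `klist -k <keytab>` (assumed MIT layout).

# Constructed sample listing: a keytab on sol8a that also carries
# keys copied over from another machine (linux1).
sample_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   3 host/sol8a.example.com@EXAMPLE.COM
   3 nfs/sol8a.example.com@EXAMPLE.COM
   2 host/linux1.example.com@EXAMPLE.COM
   2 host/linux1.example.com@EXAMPLE.COM
EOF
}

# foreign_keytab_entries FQDN
# Reads a listing on stdin and prints each principal (once) that is not
# of the form service/FQDN@REALM for the given FQDN.
foreign_keytab_entries() {
    awk -v fqdn="$1" '
        # Entry lines start with a numeric KVNO; the principal is the last field.
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            full = $NF
            princ = full
            sub(/@[^@]*$/, "", princ)          # drop the realm
            n = split(princ, part, "/")        # service / instance
            # Anything without exactly service/instance, or whose instance
            # is another host, does not belong in this keytab.
            if (n != 2 || tolower(part[2]) != tolower(fqdn)) {
                if (!seen[full]++) {
                    print full
                }
            }
        }'
}

# On a real system the input would come from `klist -k /etc/krb5/krb5.keytab`
# and the FQDN from the host's own canonical name.
sample_listing | foreign_keytab_entries sol8a.example.com
```

Any principal it prints is a key for a service on another host, or a principal that is not host-based, and is a candidate for removal from that machine's keytab.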