Solaris 8 and mit kdc
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Jun 30 08:35:19 EDT 2005
fsoliv wrote:
> Before typing this command I do kinit -f username.
>
> Also, i can't find a field in seam's krb5.conf file to configure the
> location of the keytabs. I have placed the krb5.keytab extracted
> from a linux machine into /etc/krb5/.
That is correct. The keytab on Solaris is /etc/krb5/krb5.keytab
On the Solaris box (as root), run "klist -ke" - this should show
you the contents of the keytab file. It *should* contain
a DES key for "host/foo.bar.com at YOUR.REALM" (Solaris 8).
Also, look in the KDC log files to see if the either the client
or the server is requesting keys for things the KDC does
not know about.
Kerberos is very sensitive to naming issues - we like to recommend
that you always use fully qualified hostnames for your host
based service principals and make sure that your naming
service returns f.q.d.n names for reverse address lookups.
What naming service are you using to resolve hostnames
(DNS, NIS, or just flat files like /etc/hosts) ?
-Wyllys
More information about the Kerberos
mailing list