MIT 1.4.1 and Solaris 10 SEAM kadmin
Heilke, Rainer
Rainer.Heilke at atcoitek.com
Thu May 19 12:50:37 EDT 2005
Thanks for the response. I've forwarded this to the person working on
the problem, and will see if it tweaks anything, or gives him another
avenue of thought to add to what he's done.
Rainer
> -----Original Message-----
> From: Ian Grant [mailto:ian.grant at cl.cam.ac.uk]
> Sent: Thursday, May 19, 2005 8:49 AM
> To: Heilke, Rainer
> Cc: kerberos at mit.edu
> Subject: Re: MIT 1.4.1 and Solaris 10 SEAM kadmin
>
>
> > We heard that krb5-1.4.x would support the protocol (RPCSEC_GSS ?)
> > necessary to allow a Solaris 10 kadmin client to work with an MIT
> > kadmind.
> >
> > We tried upgrading our MIT server to 1.4.1 and we still cannot get
> > it to work.
> >
> > We also heard that you need to add a principal of the form:
> > kadmin/kdc_name
> >
> > I was unable to get clarification on the format of kdc_name. We've
> > tried:
> >
> > kadmin/hostname.domain
>
> This should be added automatically. The hostname should be the
> canonical fqdn of the KDC (i.e. not a CNAME)
>
> > kadmin/hostname
> > kadmin/cname (our cname for our kerberos server is 'kerberos' )
> >
> > Nothing made a difference.
>
> We are trying the same: Solaris 10 kadmin client talking to MIT 1.4
> kadmind. We use a command like
>
> kadmin -p princ/admin
>
> We are prompted for the password. On entering it we see in the kdc
> logs that authentication happens:
>
> May 19 11:34:44 ***** krb5kdc[16731](info): AS_REQ (5 etypes {17 16 23
> 3 1 }) xxx.xxx.xxx.xxx: ISSUE: authtime 1116498884, etypes {rep=16
> tkt=16 ses=16}, princ/admin at MY.DOMAIN for kadmin/kdc.fdn at MY.DOMAIN
>
> But the kadmin client responds:
>
> kadmin: GSS-API (or Kerberos) error while initializing kadmin
> interface
>
> It seems you get further than we do!
>
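Added example, not part of the original messages: a small Python parser for krb5kdc AS_REQ log lines like the one quoted above, which reports the service principal the ticket was issued for and the encryption types involved. The sample line is constructed from the quoted one; the host name, address and the restored "@" are assumptions, and parse_as_req is a hypothetical helper name.

```python
import re

# Kerberos encryption type numbers as assigned in the IANA registry.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "arcfour-hmac"}

# Constructed sample: the quoted log line with placeholder host and address.
SAMPLE = ("May 19 11:34:44 kdc1 krb5kdc[16731](info): AS_REQ (5 etypes "
          "{17 16 23 3 1 }) 192.0.2.10: ISSUE: authtime 1116498884, "
          "etypes {rep=16 tkt=16 ses=16}, princ/admin@MY.DOMAIN for "
          "kadmin/kdc.example.com@MY.DOMAIN")

AS_REQ = re.compile(
    r"AS_REQ \(\d+ etypes \{(?P<req>[\d ]+)\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): authtime (?P<authtime>\d+), "
    r"etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<service>\S+)")


def etype_name(number):
    """Map an etype number (as text) to its name, keeping unknown ones visible."""
    return ETYPES.get(int(number), "etype-" + number)


def parse_as_req(line):
    """Return the fields of a krb5kdc AS_REQ line, or None if it does not match."""
    m = AS_REQ.search(line)
    if m is None:
        return None
    service = m.group("service")
    primary, _, rest = service.partition("/")
    instance = rest.split("@")[0]
    return {
        "status": m.group("status"),
        "client": m.group("client"),
        "service": service,
        "requested": [etype_name(n) for n in m.group("req").split()],
        "ticket_key": etype_name(m.group("tkt")),
        "session_key": etype_name(m.group("ses")),
        # True when the ticket is for a per-host kadmin/<fqdn> principal
        # rather than kadmin/admin or kadmin/changepw.
        "host_based_kadmin": primary == "kadmin" and "." in instance,
    }


if __name__ == "__main__":
    for key, value in parse_as_req(SAMPLE).items():
        print(f"{key}: {value}")
```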