Solaris 10

Rodrick Brown rbrown
Sun Jan 8 14:45:27 EST 2006 

i'm trying to setup kerberos with the default KRB5 that comes stock 
with Solaris 10 i'm running into the same problem over and over, no 
matter what system I use or how many times I start from scratch. I'm 
unable to get kadmind to start.

Jan 08 14:02:41 icarus krb5kdc[18679](info): AS_REQ 10.0.0.13(0): 
CLIENT_NOT_FOUND: kadmin/icarus at PHUSNIKN.N
ET for krbtgt/PHUSNIKN.NET at PHUSNIKN.NET, Client not found in Kerberos database
Jan 08 14:02:41 icarus krb5kdc[18679](info): DISPATCH: repeated 
(retransmitted?) request from 10.0.0.13 port
 0, resending previous response


Running: kinit -kt /etc/krb5/kadm5.keytab -c /tmp/krb-diag-cache.18720 
kadmin/changepw
kinit(v5): Key table entry not found while getting initial credentials

Warning: kadmind not fully configured (can not get kadmin/changepw
service principal ticket from /etc/krb5/kadm5.keytab).

Use the kadmin ktadd command to add this principal to the
/etc/krb5/kadm5.keytab keytab:

ktadd -k /etc/krb5/kadm5.keytab kadmin/changepw
Ignore this warning if this system is not a master KDC.
-------------------------------------------------------

Warning: kadmind not fully configured (can not get kadmin/icarus.phusnikn.net
service principal ticket from /etc/krb5/kadm5.keytab).
Ignore this warning if this system is not a master KDC.


--- krb5.conf ---

[libdefaults]
        default_realm = PHUSNIKN.NET

[realms]
        PHUSNIKN.NET = {
                kdc = icarus.phusnikn.net
                admin_server = icarus.phusnikn.net
        }

[domain_realm]
        .phusnikn.net = PHUSNIKN.NET

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
        period = 1d
        versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }
        gkadmin = {
                help_url = 
http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
        }

---  kdc.conf ---
[kdcdefaults]
        kdc_ports = 88,750

[realms]
        PHUSNIKN.NET = {
                profile = /etc/krb5/krb5.conf
                database_name = /var/krb5/principal
                admin_keytab = /etc/krb5/kadm5.keytab
                acl_file = /etc/krb5/kadm5.acl
                kadmind_port = 749
                max_life = 8h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
                default_principal_flags = +preauth
                sunw_dbprop_enable = true
                sunw_dbprop_master_ulogsize = 1000
        }

Should I just junk SUN's implementation and use MIT's?

Anyone here successfully setup kerberos on Solaris 10?
-- 
Rodrick R. Brown
http://www.rodrickbrown.com

More information about the Kerberos mailing list