NFSv4 with sec=krb5 mounts not working under Solaris
Will Fiveash
William.Fiveash at sun.com
Fri May 26 12:49:26 EDT 2006
On Fri, May 26, 2006 at 07:38:52AM -0700, Erich Weiler wrote:
> We were using MIT krb5 because all of the other platforms on our network
> (mostly different flavors of linux) were using MIT krb5, so I thought we
> should use it on the Suns as well just for the sake of homogeneity.
> Sun's version of LDAP had a very tough time reading our OpenLDAP server
> so we had to build/use OpenLDAP on Solaris instead of the Solaris native
> LDAP. I thought a similar line of thinking would work for krb5. It
> looks like I thought wrong. :)
Solaris Kerberos is based on MIT's and the version in Solaris 10 works
well with MIT's. Just be careful about the key enctypes if the various
platforms do not all support the same set of enctypes. Solaris 10
supports all enctypes that MIT supports however if you have systems that
only support DES enctypes then you'll need to pay attention to that when
creating service principals that will be used on those systems.
> I'll blow out my dev box and re-install using Sun's SEAM krb5 and see if
> that helps. I have a feeling it will.
Normally Kerberos support is installed with the base Solaris packages.
Does "pkginfo -l" show SUNWkrbr, SUNWkrbu (these are for krb client
support). There are also SUNWkdcr, SUNWkdcu packages which provide KDC
support.
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the Kerberos
mailing list