Starting kpropd as a service in Solaris 10

Mike Friedman mikef at berkeley.edu
Wed Sep 13 22:29:22 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm putting up a KDC (krb5-1.4.2) on a Solaris 10 system, an OS that is 
new to me (I've installed MIT K5 on Solaris 8 and 9 and other systems). 
It seems that kpropd won't start correctly from inetd.conf, though if I 
run it standalone (-S option) it works fine.

Our sysadmin talked to Sun support, who suggested contacting the 'vendor' 
(that's you folks!) about whether there's a special way to start kpropd as 
a service.  I suspect there isn't, but our Unix sysadmin doesn't know why 
it's not working.

What is apparently happening is that when I connect to port 754 from the 
master KDC, /usr/lib/krb5/kpropd (the Solaris version) gets launched, 
rather than /usr/local/kerberos/sbin/kpropd (the MIT version).  And, of 
course, the former doesn't work since it doesn't know about my (MIT) 
Kerberos configuration.

But /etc/inetd.conf has the following entry:

krb5_prop       stream  tcp     nowait  root    /usr/local/kerberos/sbin/kpropd kpropd

The sympton I get on the kprop client end is a message that authentication 
to the server failed.  Which I'd expect if the native Solaris kpropd is 
being run instead of MIT's kropd.

I know that Solaris 10 introduces the 'smf' facility for managing 
services, so I figure this has something to do with the problem. But so 
far our sysadmin, and our Sun contact apparently, has nothing further to 
suggest.

The sysadmin has tried several times to 'refresh' inetd via smf commands, 
to no avail.

Any ideas?

Thanks.

Mike

_________________________________________________________________________
Mike Friedman                        IST/System and Network Security
mikef at berkeley.edu                   2484 Shattuck Avenue
1-510-642-1410                       University of California at Berkeley
http://socrates.berkeley.edu/~mikef  http://security.berkeley.edu
_________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBRQi+ha0bf1iNr4mCEQK9dQCcC/u1kl4y7tG8J7iNPJdqF7D+tdwAoLR2
oXGor6+zQiOo9uYFkndhZjym
=3kNr
-----END PGP SIGNATURE-----



More information about the Kerberos mailing list