kerberos (SEAM) kadmin will not start
tarstarkus
ecoke01 at netscape.com
Thu Aug 2 08:56:33 EDT 2007
Solaris 9, core + packages + fully patched;
Posted this on comp.unix.solaris also:
After a lot of googling I am surprised to find little mention of this
problem. I have all my kerberos working fine on a Solaris 9 except for
getting kadmind to run. It will fail to initialize the gss-api and an
apptrace of that shows that it cannot start an RPC. Some message boards
have identified the cause as not having /var/krb5/rcache/root
directory. I have that. Some say I must have the wrong REALM identity
in my kdc.conf or krb5.conf. I don't think that's the case because
every other facet of kerberos works.
I get good logins using kerberos passwords and the krb5tgt is
refreshed and shows the updated start and expire dates and shows the
date that I can refresh tgt tickets until.
I checked the RPC ports (/etc/services), I did a rpcinfo -p hostname
and all looks to be well there.
The gssd rpc is 100234 but gssd is not running. "don't know if it
should be running or is it called by the RPC".
Not much useful info in the /var/krb5/kadmin.log, just repeats the
same failure. I also notice that many of the message boards have this
question as unanswered. Many of these are old posts from years ago.
I saw one post where the SA was using Solaris 10 and he only had to
clear the maintenance state to get GSSAPI initialized.
Any takers? I have beat my feeble brain to death on this one.
More info: Well, it wasn't the gssd. I started that to test and still
get the GSSAPI initialized error.
I ran the apptrace with -v and specified the svc_register call as
follows:
bash-2.05# apptrace -v svc_register /usr/lib/krb5/kadmind
apptrace: unexpected version: 3
kadmind -> libnsl.so.1:svc_register(xprt = 0x2c168, prognum = 0x840,
versnum = 0x2, dispatch = 0x12724) = 0x0 errno = 0 (Error 0)
xprt = (struct __svcxprt *) 0x2c168 (SVCXPRT) { Forward Reference }
prognum = (rpcprog_t) 2112 (0x840)
versnum = (rpcvers_t) 2 (0x2)
dispatch = (void *) 0x12724
return = (int) 0 (0x0)
kadmind: Cannot register RPC service.
So now I know this is a dispatch attempt to register prognum 2112
version 2 while trying to start up kadmind.
Unfortunately this is all it means to me. Any ideas or direction are
greatly appreciated.
I have a feeling from what I have read that this problem is not as
severe in Solaris 10, for whatever that matters.
This is the exact command and response;
bash-2.05# /etc/init.d/kdc.master start
kadmind:Cannot initialize GSS-API authentication.