Trying to get Kerberos5 with Solaris 10.

Mukarram Syed muksyed at stanford.edu
Tue Apr 1 15:40:31 EDT 2008


Any help regarding this would be appreciated.  We are pretty much stuck.

 

Thanks

 

 # mukarram

 

  _____  

From: Mukarram Syed [mailto:muksyed at stanford.edu] 
Sent: Wednesday, March 26, 2008 5:12 PM
To: 'kerberos at mit.edu'
Subject: Trying to get Kerberos5 with Solaris 10.

 

Hi,

 

I am trying to install krb5 on Solaris 10 and have been rather successful.
But I am running into some problems, hence this email.

I could login to the box using a local account.  I could then "kinit
username" and I get my kerberos tokens and I could view them via "kinit".  I
could also do a "kdestroy" 

However when I do a "ksu", I get the following error:

 

bash-3.00$ ksu

WARNING: Your password may be exposed if you enter it here and are logged 

         in remotely using an unsecure (non-encrypted) channel. 

Kerberos password for username/root at stanford.edu: : 

ksu: Server not found in Kerberos database while geting credentials from kdc
Authentication failed.

 

I checked the krb5.keytab which I have downloaded with wallet and installed
it.

I have also checked google

and this error usually appears when there is a FQDN problem.  I have checked
this and fixed this problem.

The below clip is from this link:

http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/troubleshootin
g.html#misc_2

 

---CLIP START---

 

(various clients): Requesting host principal without fully-qualified domain
name

ksu: Server not found in Kerberos database while getting credentials from
kdc

ksu: Incorrect net address while geting credentials from kdc

 

I've seen this caused because the host uses /etc/hosts to resolve name
lookups before dns and the line for the host in /etc/hosts contains the
un-fully qualified domain name before the fully-qualified one.

 

For example /etc/hosts might contain:

 

141.142.1.1              trepid trepid.ncsa.uiuc.edu

 

Change this to:

 

141.142.1.1              trepid.ncsa.uiuc.edu trepid

 

I have also seen this problem caused by the /etc/hosts has a different IP
address in it for a host from what the DNS server has (using an nslookup).

 

---CLIP END---

 

I don't know what else could be the issue.

 

Also when I try to login to the box using my krb password, I get permission
denied errors even though I have populated my ~/.k5login file with
username at stanford.edu

 

Appreciate the advice.

 

Thanks

 

# mukarram syed.

 

 

 




More information about the Kerberos mailing list