Trying to get Kerberos5 with Solaris 10.
Mukarram Syed
muksyed at stanford.edu
Tue Apr 1 15:40:31 EDT 2008
Any help regarding this would be appreciated. We are pretty much stuck.
Thanks
# mukarram
_____
From: Mukarram Syed [mailto:muksyed at stanford.edu]
Sent: Wednesday, March 26, 2008 5:12 PM
To: 'kerberos at mit.edu'
Subject: Trying to get Kerberos5 with Solaris 10.
Hi,
I am trying to install krb5 on Solaris 10 and have been rather successful.
But I am running into some problems, hence this email.
I could login to the box using a local account. I could then "kinit
username" and I get my kerberos tokens and I could view them via "kinit". I
could also do a "kdestroy"
However when I do a "ksu", I get the following error:
bash-3.00$ ksu
WARNING: Your password may be exposed if you enter it here and are logged
in remotely using an unsecure (non-encrypted) channel.
Kerberos password for username/root at stanford.edu: :
ksu: Server not found in Kerberos database while geting credentials from kdc
Authentication failed.
I checked the krb5.keytab which I have downloaded with wallet and installed
it.
I have also checked google
and this error usually appears when there is a FQDN problem. I have checked
this and fixed this problem.
The below clip is from this link:
http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/troubleshootin
g.html#misc_2
---CLIP START---
(various clients): Requesting host principal without fully-qualified domain
name
ksu: Server not found in Kerberos database while getting credentials from
kdc
ksu: Incorrect net address while geting credentials from kdc
I've seen this caused because the host uses /etc/hosts to resolve name
lookups before dns and the line for the host in /etc/hosts contains the
un-fully qualified domain name before the fully-qualified one.
For example /etc/hosts might contain:
141.142.1.1 trepid trepid.ncsa.uiuc.edu
Change this to:
141.142.1.1 trepid.ncsa.uiuc.edu trepid
I have also seen this problem caused by the /etc/hosts has a different IP
address in it for a host from what the DNS server has (using an nslookup).
---CLIP END---
I don't know what else could be the issue.
Also when I try to login to the box using my krb password, I get permission
denied errors even though I have populated my ~/.k5login file with
username at stanford.edu
Appreciate the advice.
Thanks
# mukarram syed.
More information about the Kerberos
mailing list