Trying to get Kerberos5 with Solaris 10.

Mukarram Syed muksyed at
Tue Apr 1 15:40:31 EDT 2008

Any help regarding this would be appreciated.  We are pretty much stuck.




 # mukarram



From: Mukarram Syed [mailto:muksyed at] 
Sent: Wednesday, March 26, 2008 5:12 PM
To: 'kerberos at'
Subject: Trying to get Kerberos5 with Solaris 10.




I am trying to install krb5 on Solaris 10 and have been rather successful.
But I am running into some problems, hence this email.

I could login to the box using a local account.  I could then "kinit
username" and I get my kerberos tokens and I could view them via "kinit".  I
could also do a "kdestroy" 

However when I do a "ksu", I get the following error:


bash-3.00$ ksu

WARNING: Your password may be exposed if you enter it here and are logged 

         in remotely using an unsecure (non-encrypted) channel. 

Kerberos password for username/root at : 

ksu: Server not found in Kerberos database while geting credentials from kdc
Authentication failed.


I checked the krb5.keytab which I have downloaded with wallet and installed

I have also checked google

and this error usually appears when there is a FQDN problem.  I have checked
this and fixed this problem.

The below clip is from this link:




(various clients): Requesting host principal without fully-qualified domain

ksu: Server not found in Kerberos database while getting credentials from

ksu: Incorrect net address while geting credentials from kdc


I've seen this caused because the host uses /etc/hosts to resolve name
lookups before dns and the line for the host in /etc/hosts contains the
un-fully qualified domain name before the fully-qualified one.


For example /etc/hosts might contain:              trepid


Change this to:     trepid


I have also seen this problem caused by the /etc/hosts has a different IP
address in it for a host from what the DNS server has (using an nslookup).


---CLIP END---


I don't know what else could be the issue.


Also when I try to login to the box using my krb password, I get permission
denied errors even though I have populated my ~/.k5login file with
username at


Appreciate the advice.




# mukarram syed.




More information about the Kerberos mailing list