kprop between master (solaris) and slave (mandriva)
Markus Moeller
huaraz at moeller.plus.com
Fri Apr 11 16:24:23 EDT 2008
The problem is that Solaris uses another principal.
After checking the documentation I found that Solaris requires a kiprop/fqdn
principal whereas the default MIT kprop client sends a host/fqdn principal.
I created a patch for MIT (see below), but that would be for Mandriva as
master and Solaris as slave.
--- /home/bisclark/krb/BUILD/krb5-1.3.4.old/src/slave/kprop.c
2007-03-27 10:02:52.000000000 -0700
+++ /home/bisclark/krb/BUILD/krb5-1.3.4/src/slave/kprop.c
2007-03-27 15:58:50.000000000 -0700
@@ -56,6 +56,7 @@
int debug = 0;
char *srvtab = 0;
char *slave_host;
+char *service_name = KPROP_SERVICE_NAME;
char *realm = 0;
char *file = KPROP_DEFAULT_FILE;
short port = 0;
@@ -93,7 +94,7 @@
static void usage()
{
- fprintf(stderr, "\nUsage: %s [-r realm] [-f file] [-d] [-P port] [-s
srvtab] slave_host\n\n",
+ fprintf(stderr, "\nUsage: %s [-n service_name] [-r realm] [-f file]
[-d] [-P port] [-s srvtab] slave_host\n\n",
progname);
exit(1);
}
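Review bot: The usage string in usage() is the only documentation of -n in this patch. Only kprop.c is touched, and the usage line does not say that the default is KPROP_SERVICE_NAME. Suggest documenting -n wherever -r and -s are documented and stating the default, since the problem reported in this thread was exactly a mismatch between the service principal one side sends (host/fqdn) and the one the other side requires (kiprop/fqdn).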
@@ -153,6 +154,15 @@
word++;
while (word && (ch = *word++)) {
switch(ch){
+ case 'n':
+ if (*word)
+ service_name = word;
+ else
+ service_name = *argv++;
+ if (!service_name)
+ usage();
+ word = 0;
+ break;
case 'r':
if (*word)
realm = word;
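Review bot: In the new case 'n' branch, `if (!service_name)` rejects only a missing argument. An empty string (`-n ""`) passes the check and is later handed to krb5_sname_to_principal as the service component. Suggest testing `!service_name || !*service_name` before accepting the value. The branch also depends on usage() never returning after `*argv++` has stepped past the end of argv; that matches the existing 'r' case but deserves a comment.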
@@ -260,7 +270,7 @@
*/
memset((char *)&creds, 0, sizeof(creds));
retval = krb5_sname_to_principal(context,
- slave_host, KPROP_SERVICE_NAME,
+ slave_host, service_name,
KRB5_NT_SRV_HST, &creds.server);
if (retval) {
com_err(progname, errno, "while setting server principal name");
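Review bot: With the service name now supplied by the operator, the failure path after krb5_sname_to_principal should say which name was tried. The message "while setting server principal name" includes neither slave_host nor service_name, and com_err is passed errno rather than retval, so the error reported may not be the one the call returned. Suggest passing retval and adding both names to the message.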
And then run kprop with -n kiprop at KRB.DOMAIN.NAME
Markus
"Marcin N" <nichu at nospam.onet.pl> wrote in message
news:ftnvi8$r90$1 at news.onet.pl...
> Douglas E. Engert wrote:
>>
>>
>>
>> And different versions of Kerberos too. It looks like the Solaris master
>> is the vendor provided Solaris 10 Kerberos. The Mandriva slave looks like
>> some variant of MIT 1.4.2.
>>
>> They both may store configuration files in different locations.
>> Solaris tends to use /etc/krb5. Check both sets of man pages.
>>
>> Both kprop and kpropd have -d options in both Solaris and MIT.
>>
>>
> .
> .
> .
>
>
>>
>> Host names including the KDC, should be FQDN.
>>
>
> Thank you for the reply...
> I changed names in krb conf to FQDN.
> I also checked paths in both OS and they were good: /etc/krb5 in Solaris
> and /etc/kerberos/krb5kdc and /etc in Mandriva
>
> and still it doesn't work ...
> When I execute kpropd -d there is an error:
> kpropd: getpeername: Socket operation on non-socket
>
> so only kpropd -S works for me...
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>