kprop between master (solaris) and slave (mandriva)
Marcin N
nichu at CUT.onet.pl
Mon Apr 14 08:48:47 EDT 2008
Thank You for fast response and for quick action with patch :)
But I have a question - I can't use solaris as master and mandriva as
slave in any condition or only when I use original Solaris's
distribution packet of kerberos?
Because I found a mit kerberos 5 implementation for Solaris on
blastwave.org and I'm wondering if it would work - because as I
understand it is different packet ...
Regards
nichu
Markus Moeller wrote:
> The problem is that Solaris uses another principal.
>
> After checking the documentation I found that Solaris requires a
> kiprop/fqdn
> principal whereas the default MIT kprop client sends a host/fqdn principal.
>
> I created a patch for MIT (see below), but that would be for mandriva as
> master and Solaris as slave.
>
>
> --- /home/bisclark/krb/BUILD/krb5-1.3.4.old/src/slave/kprop.c
> 2007-03-27 10:02:52.000000000 -0700
> +++ /home/bisclark/krb/BUILD/krb5-1.3.4/src/slave/kprop.c
> 2007-03-27 15:58:50.000000000 -0700
> @@ -56,6 +56,7 @@
> int debug = 0;
> char *srvtab = 0;
> char *slave_host;
> +char *service_name = KPROP_SERVICE_NAME;
> char *realm = 0;
> char *file = KPROP_DEFAULT_FILE;
> short port = 0;
> @@ -93,7 +94,7 @@
>
> static void usage()
> {
> - fprintf(stderr, "\nUsage: %s [-r realm] [-f file] [-d] [-P port]
> [-s srvtab] slave_host\n\n",
> + fprintf(stderr, "\nUsage: %s [-n service_name] [-r realm] [-f
> file] [-d] [-P port] [-s srvtab] slave_host\n\n",
> progname);
> exit(1);
> }
> @@ -153,6 +154,15 @@
> word++;
> while (word && (ch = *word++)) {
> switch(ch){
> + case 'n':
> + if (*word)
> + service_name = word;
> + else
> + service_name = *argv++;
> + if (!service_name)
> + usage();
> + word = 0;
> + break;
> case 'r':
> if (*word)
> realm = word;
> @@ -260,7 +270,7 @@
> */
> memset((char *)&creds, 0, sizeof(creds));
> retval = krb5_sname_to_principal(context,
> - slave_host, KPROP_SERVICE_NAME,
> + slave_host, service_name,
> KRB5_NT_SRV_HST, &creds.server);
> if (retval) {
> com_err(progname, errno, "while setting server principal name");
>
> And then run kprop with -n kiprop at KRB.DOMAIN.NAME
>
> Markus
>
> "Marcin N" <nichu at nospam.onet.pl> wrote in message
> news:ftnvi8$r90$1 at news.onet.pl...
>> Douglas E. Engert wrote:
>>>
>>>
>>>
>>> And different versions of Kerberos too. It look like the solaris master
>>> is the vendor provided Solaris 10 Kerberos. The mandriva slave looks
>>> like
>>> some variant of MIT 1.4.2.
>>>
>>> They both may store configuration files in different locations.
>>> Solaris tends to use /etc/krb5. Check both sets on man pages.
>>>
>>> Both kprop and kpropd have -d options in both Solairs and MIT.
>>>
>>>
>> .
>> .
>> .
>>
>>
>>>
>>> Host names including the KDC, should be FQDN.
>>>
>>
>> Thank You for reply...
>> I changed names in krb conf to FQDN.
>> I also checked paths in both OS and they were good /etc/krb5 in solaris
>> and /etc/kerberos/krb5kdc and /etc in mandriva
>>
>> and still it doesn't work ...
>> When I execute kpropd -d there is an error:
>> kpropd: getpeername: Socket operation on non-socket
>>
>> so only kropd -S works for me...
>> ________________________________________________
>> Kerberos mailing list Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
More information about the Kerberos
mailing list