Solaris Pam_krb5.so.1 problem after installing MIT 1.6.3
Nicolas.Williams at sun.com
Wed Sep 10 15:40:42 EDT 2008
On Wed, Sep 10, 2008 at 02:14:19PM -0500, Douglas E. Engert wrote:
> Chavez, James R. wrote:
> > Doug, Thanks for the reply.
> > I am actually using kerberos for authenticating logins through ssh.
> > Because I had no DNS entry for this Solaris box I was getting the
> > following debug output from pam_krb5.
> > Aug 26 10:24:21 solaris1.example.com sshd: [ID 537602 auth.error]
> > PAM-KRB5 (auth): krb5_verify_init_creds failed:
> > Hostname cannot be canonicalized.
> This sounds like the sshd can not determine its FQDN. A host should
> be able to determine its name without DNS.
This is coming from krb5_sname_to_principal(), which is called from
krb5_verify_init_creds(), which is called from pam_krb5:pam_sm_authenticate().
Solaris Kerberos specifically requires DNS to be configured.
More information about the Kerberos