KRB5 & Sun Solaris 9

McGranahan, Jamen jamen.mcgranahan at Vanderbilt.Edu
Fri Apr 24 16:45:00 EDT 2009 

* Yes, I can ping the kdc.

* Doug: as for the IP address use, we found that for some reason, it
worked better with the IP on the other 2 boxes we have this installed &
working. So, keeping the same settings, logic would suggest it should
work here too. I've also tried changing the VANDERBILT.EDU realm with
just an IP address for the KDC, but that gave me no change. As for why
we have 2 realms, etc., this was all pre-configured and found to work on
our other 2 Sun boxes. I really don't know the reasoning behind it.
Sorry.

Jamen McGranahan
Systems Services Librarian
Vanderbilt University


-----Original Message-----
From: Will Fiveash [mailto:William.Fiveash at Sun.COM] 
Sent: Friday, April 24, 2009 3:17 PM
To: McGranahan, Jamen
Cc: Douglas E. Engert; kerberos at mit.edu
Subject: Re: KRB5 & Sun Solaris 9

On Fri, Apr 24, 2009 at 02:50:47PM -0500, McGranahan, Jamen wrote:
> Error: 
> lib240:/usr/local/krb5-1.6.3/bin#kinit mcgranj at DS.VANDERBILT.EDU
> Kerberos initialization on lib240
> kinit: Can't send request (send_to_kdc) for principal
> mcgranj at DS.VANDERBILT.EDU

Can you ping the kdc below?

kdc = 129.59.1.26

> Krb5.conf:
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>  default_realm = DS.VANDERBILT.EDU
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
>  ticket_lifetime = 24h
>  forwardable = yes
>  default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
>  default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
>  preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

It may not make a difference but I've always seen the enctypes as all
lower case strings.

>  udp_preference_limit = 1
> 
> [realms]
>  DS.VANDERBILT.EDU = {
>   kdc = 129.59.1.26
>   admin_server = ds.vanderbilt.edu
>   default_domain = vanderbilt.edu
>  }
>  VANDERBILT.EDU = {
>   kdc = ds.vanderbilt.edu
>   admin_server = ds.vanderbilt.edu
>   default_domain = vanderbilt.edu
>  }
> 
> [domain_realm]
> .vanderbilt.edu = DS.VANDERBILT.EDU
> vanderbilt.edu = DS.VANDERBILT.EDU
> 

-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/

More information about the Kerberos mailing list