Assistance configuring kerberos services on Solaris 10
pspinler
pspinler at gmail.com
Sun Feb 15 15:28:19 EST 2009
Hi:
Please forgive my newbie question - I'm just now teaching myself
kerberos concepts.
I've just successfully created a proof of concept kerberos domain, and
successfully configured a rhel 4.6 linux to authenticate to it, in
that I can log into the redhat host, do a kinit, klist, etc.
Now I'm trying to similarly configure a solaris host. I've created a
host principle, loaded the machine's keytab, and once I've logged in
via a non-kerberos account, I can do a 'kinit some_kerb_principle'
successfully. I've additionally started a kerberized shell service,
e.g. 'svcadm disable rlogin ; svcadm enable klogin'
Now, once I have a tgt (as shown by klist) I'm attempting to use
either solaris's or redhat's kerberized rsh to connect to the solaris
box (either via loopback or across the network, respectively).
However, I get rejected, e.g.:
-- On solaris, rsh'ing back to itself: --
pjs11 at kwanyin ~ $ kinit testuser01
Password for testuser01 at KWANYIN.MAYO.EDU:
localhost: RPC: Rpcbind failure - RPC: Success
kinit: no ktkt_warnd warning possible
pjs11 at kwanyin ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_100
Default principal: testuser01 at KWANYIN.MAYO.EDU
Valid starting Expires Service principal
02/15/09 14:13:40 02/15/09 22:13:40 krbtgt/
KWANYIN.MAYO.EDU at KWANYIN.MAYO.EDU
renew until 02/22/09 14:13:40
pjs11 at kwanyin ~ $ rsh -a kwanyin
Note: The -a option nullifies all other Kerberos-specific
options you may have used.
kwanyin: Connection refused
No errors appear in the system error log when I attempt the rsh.
Can anyone please advise me how I would best debug this?
Thanks!
-- Pat
More information about the Kerberos
mailing list