On 10/ 8/09 04:24 PM, Mark Phalan wrote: > On 10/ 8/09 04:09 PM, Mark Phalan wrote: >> On 10/ 8/09 02:18 AM, Kyle McDonald wrote: >>> Will Fiveash wrote: >>>> On Wed, Oct 07, 2009 at 11:27:43PM +0200, Mark Phalan wrote: >>>> >>>>> On 7 Oct 2009, at 22:56, Kyle McDonald <KMcDonald at Egenera.COM> wrote: >>>>> >>>>> >>>>>> Kyle McDonald wrote: >>>>>> >>>>>>> Ok. I was following the instructions for manually configuring a >>>>>>> master KDC at: >>>>>>> >>>>>>> http://docs.sun.com/app/docs/doc/816-4557/setup-1?l=en&a=view >>>>>>> >>>>>>> Ah HA! I missed step 6c. on my way back through the directions. >>>>>>> Thanks! >>>>>>> >>>>>>> >>>>>> Wait, I didn't miss step 6c. Well I did, but only because it >>>>>> wasn't there. ;) >>>>>> >>>>>> The link above is from the doc you linked to, the S10 HTML version >>>>>> of the book I've been reading. >>>>>> But I've been reading the _OpenSolaris_ PDF version of the book, >>>>>> and step 6c - Writing out all the keys to the keytab file is >>>>>> missing entirely from the OS version of this book. >>>>>> >>>>>> So is this a Documentation bug? >>>>>> >>>>> No, on OpenSolaris it's not necessary to add the entries to the >>>>> keytab - it can read the key information it needs directly from >>>>> the kdb. On S10 it *is* necessary. >>>>> >>>> >>>> Ah, I forgot about that. Thanks for the reminder. Kyle, forget about >>>> what I wrote about the kiprop entries in kadm5.keytab. >>>> >>>> >>> Then why did the whole problem go away once I did write the all the >>> keys to the keytab file? >>> >>> Is there some other bug here? >>> >> >> So I investigated this a bit more. kadmind also complained to me about >> not being able to set the RPCSEC_GSS service names. After looking at >> truss output it became clear what the problem was - there was no >> /etc/gss/mech file present in the local zone. It looks like SUNWkdc is >> missing a dependency on SUNWgssc. Once SUNWgssc was installed I was >> able to start kadmind without any kadm5.keytab in the local ipkg zone. >> >> $ pkg contents -t depend -o fmri SUNWkdc >> FMRI >> SUNWcs at 0.5.11-0.122 >> SUNWcsl at 0.5.11-0.122 >> SUNWgss at 0.5.11-0.122 >> SUNWkrb at 0.5.11-0.122 >> SUNWlldap at 0.5.11-0.122 >> SUNWrsg at 0.5.11-0.122 >> SUNWsmbs at 0.5.11-0.122 >> $ >> >> I'll open a bug for this shortly. > > Actually probably the dependency should be from SUNWkrb. In Nevada > SUNWkrbu depends on SUNWgssc but in OpenSolaris SUNWkrb doesn't depend > on SUNWgssc.
Filed: http://defect.opensolaris.org/bz/show_bug.cgi?id=11823 -M
