On Thursday, August 14, 2003, at 07:26 PM, Wyllys Ingersoll wrote:
CJ Keist wrote:

Thank you for your reply.

On Thursday, August 14, 2003, at 02:50 PM, Wyllys Ingersoll wrote:

I'm not sure what you mean when you say you are running "version 5.1.3.1".

That was the version of MIT's kerberos I downloaded.

Are you running the Kerberos code that comes installed with Solaris 9 by default or did you put MIT kerberos on top of a Solaris 9 system and are trying to use MIT Kerberos instead?

Not using what comes with Solaris, I installed the MIT over Solaris's kerberos stuff.

Whose pam_krb5 module are you using - Sun's or an open source version?

Still using whatever came with Solaris pam.conf.

That will cause problems if you are using MIT Kerberos for other stuff as the pam_krb5 module for Solaris is linked with the Solaris Kerberos library which is different than the MIT ones and looks for config files and keytabs in different locations.

You *can* put MIT KRB5 on a Solaris 9 system (though the Kerberos that
comes with S9 is fully compatible with MIT KRB5 and in most cases you
shouldn't need to install MIT), but you must make sure your $PATH variable
is configured so that the MIT binaries are used before the Solaris
binaries.

On the client box I did try to use Solaris kerberos stuff, but was unable to get kadmin to talk to my KDC. Kept giving me a "realm missmatch" error. So I gave up and installed the MIT stuff, that got my kadmin to talk to my KDC.

Usually due to a domain_realm mapping problem OR because the host does not resolve to a f.q.d.n name and the Kerb code has trouble mapping it to a realm correctly since it cannot find a domain.

Also, the one incompatibility that you will find is that a Solaris KDC
can only talk to a Solaris 'kadmin' client (and vice-versa) due to
different RPC protocols used by MIT and Solaris KDC servers. So, if your
KDC is MIT, then you will have to administer it with the MIT kadmin client.
If it's SEAM, then you must use the SEAM kadmin client.

One other suggestion would be to remove the MIT installation from the Solaris 9 systems and use the supported Solaris Kerberos stuff, it will eliminate a lot of confusion and mismatches like you are seeing.

Looks like I will try that next. I didn't realize that Solaris 9 had kerberos already installed, just assumed I need to get the MIT version and install it.

Ah, ok. Follow up if you continue to have problems. Also, look
at sunsolve.sun.com and find the latest Solaris 9 SEAM patches.
There have been several updates to the Solaris Kerberos stuff, including
improvements to the pam_krb5 module.
-Wyllys

C. J. Keist                     Email: [EMAIL PROTECTED]
UNIX/Network Manager            Phone: 970-491-0630
Engineering Network Services    Fax: 970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

"All I want is a chance to prove 'Money can't buy happiness'"
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
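
The domain_realm and f.q.d.n point raised in the thread, as an added example that is not part of the original messages: a simplified model of a krb5.conf `[domain_realm]` lookup (exact host entry first, then dotted domain suffixes), showing why a short host name cannot be mapped to a realm. The realm names, host names and function names are constructed for illustration; real Kerberos libraries apply further fallbacks that vary by implementation.

```python
# Added example: simplified model of krb5.conf [domain_realm] lookup.
# All realm and host names below are constructed for illustration.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = EXAMPLE.EDU

[domain_realm]
    kdc1.engr.example.edu = ENGR.EXAMPLE.EDU
    .engr.example.edu = ENGR.EXAMPLE.EDU
    .example.edu = EXAMPLE.EDU
"""

def parse_domain_realm(text):
    """Return the [domain_realm] entries as a dict with lower-cased keys."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = value
    return mapping

def host_to_realm(host, mapping):
    """Map a host name to a realm, or None when no entry applies."""
    host = host.strip().rstrip(".").lower()
    if host in mapping:                          # exact host entry wins
        return mapping[host]
    idx = host.find(".")
    while idx != -1:                             # then ".domain" suffixes, longest first
        if host[idx:] in mapping:
            return mapping[host[idx:]]
        idx = host.find(".", idx + 1)
    return None                                  # short name or unlisted domain

def check_hosts(hosts, conf_text=SAMPLE_KRB5_CONF):
    """Resolve each host against the [domain_realm] section of conf_text."""
    mapping = parse_domain_realm(conf_text)
    return {h: host_to_realm(h, mapping) for h in hosts}

if __name__ == "__main__":
    sample = ["kdc1.engr.example.edu", "ws7.engr.example.edu", "mail.example.edu", "ws7"]
    for host, realm in check_hosts(sample).items():
        print(f"{host:24} -> {realm or 'NO MAPPING (not fully qualified?)'}")
```

Feeding it the name a host actually reports for itself shows quickly whether the mapping or the name resolution is the part that is off.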
