Hi, As you want to run gss-server on the linux machine, you have to have the service principal sample1's key extracted into the linux machine's default keytab file /etc/krb5.keytab. If you want to use solaris m/c as a gss-client then you don't need to extract any keys for the solaris m/c as you did.
So you just have to do: 1) add_principal <test_user> 2) add_principal sample1/<linux_machine>@<REALM.COM> 3) ktadd -k /etc/krb5.keytab sample1/<linux_machine>@<REALM.COM> 4.0) gss-server .... sample1 --------> on Linux m/c. 4.1) kinit <test_user> --------> on solaris m/c 4.2) gss-client .. sample1 "Hello World" ----> on solaris m/c Good Luck. Bandi melissa_benkyo wrote: > > Hello all, > > its me againnn. :D > I'm having trouble setting up a kerberos client on solaris 8. I'm > running a kdc on a linux machine. and I want to use gss-server on the > linux machine and run gss-client on the solaris machine. is this > possible? > > steps that I did: > 1) add_principal host/<solaris_machine_name>@<REALM.COM> > 2) ktadd -k /etc/krb5.keytab host/<solaris_machine_name>@<REALM.COM> > 3) ktadd -k </tmp/host.keytab> host/<solaris_machine_name>@<REALM.COM> > [to the same thing for sample1/<solaris_machine_name>@REALM.COM> > 4) ftp the host.keytab and sample1.keytab to the solaris machine > 5) gss-server -port 44444 -verbose sample1 > output: > GSS-API error acquiring credentials: Miscellaneous failure > GSS-API error acquiring credentials: No principal in keytab matches > desired name > But if I use the sample/<linux_macine> > output: > GSS-API error acquiring credentials: Wrong rpincipal > > solaris client side > 6) kinit <kerberos user> (OK!) > 7) gss-client -port 44444 sample "hello world" > > can someone please tell me what I did wrong? > > thanks! ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
