Hi Guru,

I just finished setting up Kerberos authentication; however, I seem to have a problem getting my initial credentials to work. I followed the step-by-step procedure at the URL below & it still doesn't work. According to the error msg, it looks like my pam.conf & krb5.conf files aren't configured correctly.

Could someone please take a look at my pam.conf & krb5.conf files & tell me which parameters should be removed, or if you have good pam.conf & krb.conf files & don't mind sharing them w/ me, please share them w/ me? I'd like my AD users to be able to telnet into a Solaris box using their existing AD login name & password as well. Any ideas which parameter I have to add to the pam.conf file?

http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/08wsdsu.mspx

# getent passwd
test01:x:65535:101::/export/home/test01:/sbin/sh

# kinit
Kinit (v5): can not contact any KDC for requested realm while getting initial credentials.

# tail -f /var/adm/messages
...
dtsession [] PAM_KRB5 (sectcred): pam_setcred failed for root (can not retrieve user credentials).

Here is my krb5.conf file:

[libdefaults]
    default_realm = WHATEVER.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_tkt_enctypes = des-cbc-md5 des-cbc-crc
    default_tgs_enctypes = des-cbc-md5 des-cbc-crc

[realms]
    WHATEVER.COM = {
        kdc = dc1.whatever.com
        admin_server = dc1.example.com
        kpasswd_protocol = SET_CHANGE
        default_domain = whatever.com
    }

[domain_realm]
    *.whatever.com = WHATEVER.COM
    .whatever.com = WHATEVER.COM

[logging]
    default = FILE:/var/krb5/kdc.log
    kdc = FILE:/var/krb5/kdc.log
    kdc_rotate = {
        period = 1d
        version = 10
    }

[appdefaults]
    kinit = {
        renewable = true
        forwardable= true
    }

Here is my pam.conf:

# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
# login auth sufficient pam_krb5.so use_first_pass
login auth required pam_unix_cred.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
#
# dtlogin (explicit to allow for separate control during
# testing)
#
dtlogin auth requisite pam_authtok_get.so.1
dtlogin auth required pam_unix_auth.so.1
#
#
# su (explicit to provide failsafe root access during testing)
#
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
# other auth sufficient pam_krb5.so use_first_pass
other password required pam_authtok_store.so.1

Any help is appreciated.

Thanks,
-Chris

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
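
A static check of the krb5.conf quoted in the message above, as an added example that is not part of the original post or of any Kerberos distribution. It parses the file and reports two things visible in it: ticket enctype lists that offer only single DES (deprecated by RFC 6649), and realm hosts that fall outside the realm's `default_domain`. The names `parse`, `lint` and `SINGLE_DES` are hypothetical, and the sample is the poster's file, abridged.

```python
import re
# Constructed sample: krb5.conf from the post (abridged), one setting per line.
KRB5_CONF = """\
[libdefaults]
default_realm = WHATEVER.COM
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
[realms]
WHATEVER.COM = {
kdc = dc1.whatever.com
admin_server = dc1.example.com
default_domain = whatever.com
}
"""

SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # deprecated by RFC 6649

def parse(text):
    """Return {section: {key: value}}; realm sub-blocks are keyed 'realms/REALM'."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or whole-line comment
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, block = m.group(1), None
        elif line == "}":
            block = None
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
            block = m.group(1)
        elif m := re.fullmatch(r"(\S+)\s*=\s*(.*)", line):
            name = f"{section}/{block}" if block else section
            conf.setdefault(name, {})[m.group(1)] = m.group(2)
    return conf

def lint(text):
    conf, findings = parse(text), []
    lib = conf.get("libdefaults", {})
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        types = set(lib.get(key, "").split())
        if types and types <= SINGLE_DES:
            findings.append(f"{key}: only single-DES enctypes offered")
    realm = conf.get(f"realms/{lib.get('default_realm')}", {})
    suffix = "." + realm.get("default_domain", "").lower()
    for key in ("kdc", "admin_server"):
        host = realm.get(key, "").lower()
        if host and suffix != "." and not host.endswith(suffix):
            findings.append(f"{key} {host} is outside default_domain")
    return findings
```

`lint(KRB5_CONF)` returns a list of finding strings; an empty list means neither condition was seen. It does not contact a KDC, so it says nothing about network reachability.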