I have now verified that I have connections working between the two test machines. Unfortunately it appears that I can only connect from my server/kdc to the client machine utilizing kerberized services. I am able to create and destroy tickets on each machine without any problems. Currently I'm testing with the kerberized rsh & rlogin clients found in the klogin, eklogin, and kshell packages for the distributions.
I have now cached tickets on both machines for my primary and secondary logins (just in case I'm not understanding something correctly). ie on each machine I have cached tickets for [EMAIL PROTECTED] and myuser/[EMAIL PROTECTED] Each machine has the following in the /etc/krb5.keytab files: SERVER: KVNO Principal ----------------------------------------- 3 host/[EMAIL PROTECTED] 3 host/[EMAIL PROTECTED] 3 host/[EMAIL PROTECTED] 3 host/[EMAIL PROTECTED] CLIENT: KVNO Principal ----------------------------------------- 8 host/[EMAIL PROTECTED] 8 host/[EMAIL PROTECTED] 8 host/[EMAIL PROTECTED] 8 host/[EMAIL PROTECTED] 4 host/[EMAIL PROTECTED]@MYDOMAIN.COM 4 host/[EMAIL PROTECTED]@MYDOMAIN.COM 4 host/[EMAIL PROTECTED]@MYDOMAIN.COM 4 host/[EMAIL PROTECTED]@MYDOMAIN.COM When attempting a connection from the client to the server I receive the following error: [EMAIL PROTECTED]:~$ rlogin -l myclient myserver Couldn't authenticate to server: Server rejected authentication (during sendauth exchange) Server returned error code 60 (Generic error (see e-text)) Error text sent from server: Key table entry not found Trying krb4 rlogin... krb_sendauth failed: You have no tickets cached trying normal rlogin (/usr/bin/netkit-rlogin) exec: No such file or directory [EMAIL PROTECTED]:~$ Any assistance would be greatly appreciated. I'm pretty sure that after this point I will be able to get on with kerberizing some other machines on the network; it'll be nice to be able to test this on more than just the two machines. -Damon Getsman ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos