Hello Jason, I'm actually quite interested in reviewing any of your book. Currently I'm trying to implement Kerberos across all of our many platforms here. I've recently finshed Kerberizing over 170 machines with linux and solaris installed (mostly linux of different distros and versions). I can personally asstest to how difficult this was even though there seems to be a lot of guides on how to get things running there are very few sources telling you what could go wrong, and what to look for when you you get error messages. More often then not, when typed a error that Kerberos spit out into google, I got a web pages with list of possible kerberos errors (programmers guides I presume) which of course didn't help me at all. Some of the most recent problems I've come across are:
I've opted to use a the MIT version of Kerberos that comes with Redhat 7.3 as my KDC, and on the solaris machines to use the SEAM Kerberos that comes with Solaris 8 and 9. Now everything installs fine, but for some reason I can login to some server eklogin and some server prompt me for a password. I'm not sure what the difference between the machines could be I've checked every file I can think of for differences. The funny thing is that I can rsh (encrypted) to all of these machines. I've been unable to find anything on the net about this problem. Secondly, we've have several windows 2000 and Win NT 4 servers that we want to kerberize. For some reason none of the very limited on-line guides seem to give sufficient information in the area that all the kerberos documentation lack, ie, if it doesn't work look for X. I've used the ksetup program, mapped the user to a new user I created on the KDC. However upon examination of the logs it seems that the machine is sending it's name as simple it's domain name with out the localhost name. I'm not sure why this is (as when I check the identification is identified with a hostname, ie, hostname.domainname.com) and I can't find any information on-line about this. Thirdly there seems to be lots of documentation about how to turn OS X machines into client machines (apparently putting the kr5.conf configuration in a mit.edu.Kerberos file), however there is very little information about how to get to (install) utilities like kadmin so that I can create principles and keys for these machines remotely, and how to start servers like eklogin & krsh. I'll end my grievances with current documentation now, I hope I've given you some areas to explore if you haven't already come across similar problems. I think it really great that you are writting this book. It will be a much appreciated tome in the system engineers library, and I'm happy to help in any way I can. :) -- Roger Nathanial Ashby ____ o o System Engineer o ___/|__ o (_/\_)oo o _/ \ /| o ___/|__ Thruport Technologies, Inc / @ \\ \/ | o _/ \ /| 5440 Cherokee Ave. \_ // /\ | o / @ \\ \/ | Alexandria, VA 22312 \_______/ \| \_ // /\ | \_______/ \| [EMAIL PROTECTED] http://www.thruport.com -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos