Heilke, Rainer wrote:
BTW, as a further clarification, the system was installed initially
using our MIT Kerberos build (i.e. the same as we use on all of the
Solaris 8 machines). I am now trying to get it to work with the Solaris
10 SEAM.
One problem I see immediately (refreshing my memory with a couple quick
tests) is that, when using the Sol10 SEAM to install the keytab, I
immediately get:
# kadmin -p rheilke/admin
Authenticating as principal rheilke/[EMAIL PROTECTED] with password.
Password for rheilke/[EMAIL PROTECTED]:
kadmin: ktadd host/salty.atcotest.ca
kadmin: Communication failure with server while changing
host/salty.atcotest.ca's key
kadmin:
So, the Sol10 SEAM cannot seem to talk to the KDC.
That's because Solaris 10 'kadmin' uses RPCSEC_GSS and
MIT uses a slightly different RPC protocol. This is not a new
issue, its been a problem ever since we introduced SEAM.
The solution is that if your KDC is MIT, then you must use the MIT
'kadmin' client to manage it.
There have been patches submitted to the MIT codebase to make
it able to support RPCSEC_GSS (and thus interop with Solaris kadmin),
but Im not sure if those are in the latest release or not.
-Wyllys
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
