[14630] in Kerberos
Re: How to configure a Kerberos 5 Linux client of a Solaris KDC server
daemon@ATHENA.MIT.EDU (Wyllys Ingersoll)
Fri Jul 6 09:17:37 2001
Message-Id: <200107061314.f66DE9U267953@jurassic.eng.sun.com>
Date: Fri, 6 Jul 2001 09:17:32 -0400 (EDT)
From: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
Reply-To: Wyllys Ingersoll <Wyllys.Ingersoll@eng.sun.com>
To: kerberos@MIT.EDU, rk21@gre.ac.uk
You cannot use an MIT-based 'kadmin' client with a SEAM-based KDC because
the RPC protocol used by the MIT admin program is incompatible with the
RPC protocol used by SEAM. SEAM uses RPCSEC_GSS (RFC 2743) and MIT uses
an older, non-standard, secure RPC protocol.
SEAM and MIT are compatible for all other non-administrative protocols.
E.g., 'kinit' from one will work with the other, etc.
-wyllys
>
>I am having trouble installing a PC running Red Hat 7.1 as a Kerberos 5
>client of a Sun KDC server running Solaris 8 and SEAM 1.01 (Sun
>implementation of Kerberos 5).
>
>I have successfully set up a Solaris 8 Kerberos 5 client. However when I
>try to set up the PC client (on which krb-workstation and krb5-libs have
>been installed) I cannot get into kadmin on the client. It recognises the
>password correctly but I get the error message
>
>
>[root@nile /]# kadmin -p kws/admin
>Authenticating as principal kws/admin with password.
>Enter password:
>kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
>
>This is using port 749 for the admin server. For other port settings e.g.
>751 I get
>
>[root@nile /etc]# kadmin -p kws/admin
>Authenticating as principal kws/admin with password.
>Enter password:
>kadmin: Communication failure with server while initializing kadmin interface
>
>The /etc/krb5.conf file on the Red Hat 7.1 client is as follows:
>
>[logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
>[libdefaults]
> ticket_lifetime = 24000
> default_realm = GRE.AC.UK
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
>[realms]
> GRE.AC.UK = {
>  kdc = mars.gre.ac.uk:750
>  admin_server = mars.gre.ac.uk:749
>  default_domain = gre.ac.uk
> }
>
>[domain_realm]
> .gre.ac.uk = GRE.AC.UK
> gre.ac.uk = GRE.AC.UK
>
>[kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
>[pam]
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
>
>
>I'd be grateful for any suggestions on this. Does anyone know whether
>there should be any problem installing a Linux Kerberos client of a Sun
>Kerberos server?
>
>Thanks,
>
>
>-------------------------------------------------------------------------------
>Dr Kevin J. Richardson, | K.J.Richardson@greenwich.ac.uk
>Computing Services, | tel +44 (0)20 8331 8392
>University of Greenwich, | fax +44 (0)20 8331 8385
>Wellington St., London SE18 6PF |
>-------------------------------------------------------------------------------