[14634] in Kerberos


Re: How to configure a Kerberos 5 Linux client of a Solaris KDC server

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Fri Jul 6 11:35:25 2001

Message-ID: <3B45DA7C.9C383830@anl.gov>
Date: Fri, 06 Jul 2001 10:34:20 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Wyllys Ingersoll <Wyllys.Ingersoll@Eng.Sun.COM>
CC: kerberos@MIT.EDU, rk21@gre.ac.uk
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



Wyllys Ingersoll wrote:
> 
> You cannot use an MIT-based 'kadmin' client with a SEAM based KDC because
> the RPC protocol used by the MIT admin program is incompatible with the
> RPC protocol used by SEAM.  SEAM uses RPCSEC_GSS (RFC 2743) and MIT uses
> an older, non-standard, secure RPC protocol.
> 
> SEAM and MIT are compatible for all other non-administrative protocols.
> e.g.  'kinit' from one will work with the other, etc etc.
> 
> -wyllys


Hopefully this will soon be fixed. 

   "Kerberos Set/Change Password: Version 2"
  http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-set-passwd-06.txt

has gone through working group last call, and hopefully the Kerberos vendors
will see fit to implement it. 


> 
> >
> >I am having trouble installing a PC running Red HAT 7.1 as a Kerberos 5
> >client of a Sun KDC server running Solaris 8 and  SEAM 1.01 (Sun
> >implementation of Kerberos 5).
> >
> >I have successfully set up a Solaris 8 Kerberos 5 client. However when I
> >try to set up the PC client (on which krb-workstation and krb5-libs have
> >been installed) I cannot get into kadmin on the client. It recognises the
> >password correctly but I get the error message
> >
> >
> >[root@nile /]# kadmin -p kws/admin
> >Authenticating as principal kws/admin with password.
> >Enter password:
> >kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> >
> >This is using port 749 for the admin server. For other port settings e.g.
> >751 I get
> >
> >[root@nile /etc]# kadmin -p kws/admin
> >Authenticating as principal kws/admin with password.
> >Enter password:
> >kadmin: Communication failure with server while initializing kadmin interface
> >
> >The /etc/krb5.conf file on the Red Hat 7.1 client is as follows:
> >
> >[logging]
> > default = FILE:/var/log/krb5libs.log
> > kdc = FILE:/var/log/krb5kdc.log
> > admin_server = FILE:/var/log/kadmind.log
> >
> >[libdefaults]
> > ticket_lifetime = 24000
> > default_realm = GRE.AC.UK
> > dns_lookup_realm = false
> > dns_lookup_kdc = false
> >
> >[realms]
> > GRE.AC.UK = {
> >  kdc = mars.gre.ac.uk:750
> >  admin_server = mars.gre.ac.uk:749
> >  default_domain = gre.ac.uk
> > }
> >
> >[domain_realm]
> > .gre.ac.uk = GRE.AC.UK
> > gre.ac.uk = GRE.AC.UK
> >
> >[kdc]
> > profile = /var/kerberos/krb5kdc/kdc.conf
> >
> >[pam]
> > debug = false
> > ticket_lifetime = 36000
> > renew_lifetime = 36000
> > forwardable = true
> > krb4_convert = false
> >
> >
> >I'd be grateful for any suggestions on this. Does anyone know whether
> >there should be any problem installing a Linux kerberos client of a Sun
> >Kerberos server?
> >
> >Thanks,
> >
> >
> >-------------------------------------------------------------------------------
> >Dr Kevin J. Richardson,                  | K.J.Richardson@greenwich.ac.uk
> >Computing Services,                      | tel   +44 (0)20 8331 8392
> >University of Greenwich,                 | fax   +44 (0)20 8331 8385
> >Wellington St., London SE18 6PF          |
> >-------------------------------------------------------------------------------

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
