[23915] in Kerberos


Re: MIT 1.4.1 and Solaris 10 SEAM kadmin

daemon@ATHENA.MIT.EDU (Ian Grant)
Thu May 19 19:19:10 2005

From: Ian Grant <ian.grant@cl.cam.ac.uk>
To: Rainer.Heilke@atcoitek.com
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: Thu, 19 May 2005 15:48:54 +0100
Message-Id: <1116514134.27889.33.camel@fenton.cl.cam.ac.uk>
Mime-Version: 1.0
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

> We heard that krb5-1.4.x would support the protocol (RPCSEC_GSS ?)
> necessary to allow a Solaris 10 kadmin client to work with an MIT
> kadmind. 
> 
> We tried upgrading our MIT server to 1.4.1 and we still cannot get it to
> work. 
> 
> We also heard that you need to add a principal of the form:
> kadmin/kdc_name 
> 
> I was unable to get clarification on the format of kdc_name. We've
> tried:
> 
> kadmin/hostname.domain

This should be added automatically. The hostname should be the
canonical FQDN of the KDC (i.e. not a CNAME).

> kadmin/hostname
> kadmin/cname   (our cname for our kerberos server is 'kerberos' )
> 
> Nothing made a difference.

We are trying the same: Solaris 10 kadmin client talking to MIT 1.4
kadmind. We use a command like 

kadmin -p princ/admin

We are prompted for the password. On entering it we see in the kdc logs
that authentication happens:

May 19 11:34:44 ***** krb5kdc[16731](info): AS_REQ (5 etypes {17 16 23
3 1 }) xxx.xxx.xxx.xxx: ISSUE: authtime 1116498884, etypes {rep=16
tkt=16 ses=16},  princ/admin@MY.DOMAIN for kadmin/kdc.fdn@MY.DOMAIN

But the kadmin client responds:

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

It seems you get further than we do!
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
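
An added example, not part of the original message: a Python sketch that parses a krb5kdc AS_REQ line like the one quoted above and classifies its service principal against the kadmin/<canonical FQDN>@REALM form discussed in the thread. The function names and result labels are assumptions, and `kdc.fdn` is used as the KDC's canonical name only because the redacted log line shows it.

```python
import re
import socket

# Encryption type numbers seen in the quoted log line.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 23: "arcfour-hmac"}

AS_REQ = re.compile(
    r"AS_REQ \(\d+ etypes \{(?P<req>[\d ]+)\}\) (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r"authtime (?P<authtime>\d+), etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) "
    r"ses=(?P<ses>\d+)\}, (?P<client>\S+) for (?P<service>\S+)")

# The log line from the message, with its redactions and mail line wraps intact.
SAMPLE = """May 19 11:34:44 ***** krb5kdc[16731](info): AS_REQ (5 etypes {17 16 23
3 1 }) xxx.xxx.xxx.xxx: ISSUE: authtime 1116498884, etypes {rep=16
tkt=16 ses=16},  princ/admin@MY.DOMAIN for kadmin/kdc.fdn@MY.DOMAIN"""

def parse_as_req(raw):
    """Return the fields of a krb5kdc AS_REQ log line, or None if it does not match."""
    m = AS_REQ.search(" ".join(raw.split()))   # undo wrapping and double spaces
    if not m:
        return None
    rec = m.groupdict()
    rec["req"] = [int(e) for e in rec["req"].split()]
    rec["tkt_name"] = ETYPES.get(int(rec["tkt"]), "unknown")
    return rec

def canonical_fqdn(host):
    """Resolve host to its canonical name (needs DNS); a CNAME resolves to another name."""
    return socket.getaddrinfo(host, None, flags=socket.AI_CANONNAME)[0][3].lower()

def check_kadmin_service(service, kdc_fqdn, realm):
    """Classify a service principal against kadmin/<canonical FQDN>@REALM."""
    name, _, got_realm = service.partition("@")
    primary, _, instance = name.partition("/")
    if primary != "kadmin" or got_realm != realm:
        return "not-kadmin-in-realm"
    if "." not in instance:
        return "not-fqdn"              # e.g. kadmin/hostname or kadmin/kerberos
    if instance.lower() != kdc_fqdn.lower():
        return "not-canonical"         # e.g. a CNAME such as kerberos.<domain>
    return "ok"

if __name__ == "__main__":
    rec = parse_as_req(SAMPLE)
    print(rec["client"], "->", rec["service"], "ticket etype", rec["tkt_name"])
    print(check_kadmin_service(rec["service"], "kdc.fdn", "MY.DOMAIN"))
```

On a host with DNS access, `canonical_fqdn()` can supply the `kdc_fqdn` argument; it is not called by default so the block runs offline.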