[31020] in Kerberos
RE: KRB5 & Sun Solaris 9
daemon@ATHENA.MIT.EDU (McGranahan, Jamen)
Fri Apr 24 16:45:57 2009
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Fri, 24 Apr 2009 15:45:00 -0500
Message-ID: <63566160FBD1BE43873B5A100A4222DF0AF32491@mailbe17.email.Vanderbilt.edu>
In-Reply-To: <20090424201725.GD14904@sun.com>
From: "McGranahan, Jamen" <jamen.mcgranahan@vanderbilt.edu>
To: "Will Fiveash" <William.Fiveash@Sun.COM>
Cc: kerberos@mit.edu, "Douglas E. Engert" <deengert@anl.gov>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
* Yes, I can ping the kdc.
* Doug: as for the IP address use, we found that for some reason, it
worked better with the IP on the other 2 boxes we have this installed &
working. So, keeping the same settings, logic would suggest it should
work here too. I've also tried changing the VANDERBILT.EDU realm with
just an IP address for the KDC, but that gave me no change. As for why
we have 2 realms, etc., this was all pre-configured and found to work on
our other 2 Sun boxes. I really don't know the reasoning behind it.
Sorry.
Jamen McGranahan
Systems Services Librarian
Vanderbilt University
-----Original Message-----
From: Will Fiveash [mailto:William.Fiveash@Sun.COM]
Sent: Friday, April 24, 2009 3:17 PM
To: McGranahan, Jamen
Cc: Douglas E. Engert; kerberos@mit.edu
Subject: Re: KRB5 & Sun Solaris 9
On Fri, Apr 24, 2009 at 02:50:47PM -0500, McGranahan, Jamen wrote:
> Error:
> lib240:/usr/local/krb5-1.6.3/bin#kinit mcgranj@DS.VANDERBILT.EDU
> Kerberos initialization on lib240
> kinit: Can't send request (send_to_kdc) for principal
> mcgranj@DS.VANDERBILT.EDU
Can you ping the kdc below?
kdc = 129.59.1.26
> Krb5.conf:
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = DS.VANDERBILT.EDU
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> forwardable = yes
> default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
> default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
> preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
It may not make a difference but I've always seen the enctypes as all
lower case strings.
> udp_preference_limit = 1
>
> [realms]
> DS.VANDERBILT.EDU = {
> kdc = 129.59.1.26
> admin_server = ds.vanderbilt.edu
> default_domain = vanderbilt.edu
> }
> VANDERBILT.EDU = {
> kdc = ds.vanderbilt.edu
> admin_server = ds.vanderbilt.edu
> default_domain = vanderbilt.edu
> }
>
> [domain_realm]
> .vanderbilt.edu = DS.VANDERBILT.EDU
> vanderbilt.edu = DS.VANDERBILT.EDU
>
--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
