
Re: Solaris Binaries



thomasv@mac.com writes:
> Hi Assar,

Hello again.

> Thanks for the binaries. I am running a Solaris 7 64-bit box with the 
> latest patches as of July 10, 2001. I have the box set up as an AFS 
> server. I stopped the kaserver instance, then started the heimdal kdc. 
> When I try /usr/heimdal/bin/kinit admin, it errors out with:
> 
> kerberos-iv/udp unknown service, using default port 750
> kinit: Can't send request (send_to_kdc)
> kinit: krb5_get_init-creds: unable to reach my KDC in realm 
> TEST.APPLE.COM

You need to add some configuration information too, so that kinit will
figure out where your KDC is (which is the thing it's complaining
about), and convert the database.

Here's a brief how-to on converting from a kaserver to a heimdal KDC,
courtesy of Derrick J Brashear <shadow@dementia.org> with some minor
simplifications by myself (this will also be added to the manual):

1. build heimdal
2. install heimdal
3. set up /etc/krb5.conf (putting in your values)

--Beginning of krb5.conf--
[libdefaults]
        default_realm = YOUR.REALM

[realms]
        YOUR.REALM = {
                kdc = host.name.of.master
                admin_server = host.name.of.master
                default_domain = my.domain
                v4_domains = my.domain
        }
[domain_realm]
        .my.domain = YOUR.REALM
[kdc]
        enable-kerberos4 = true
        enable-kaserver = true
        enable-524 = true
[kadmin]
        default_keys = v4 v5
--End of krb5.conf--

4. Create a master key on your master
     # kstash
     Master key:
     Verifying password - Master key:

5. Create a krb5 database 
     # kadmin -l
     init YOUR.REALM
     Realm max ticket life [unlimited]:
     Realm max renewable ticket life [unlimited]:
The questions are a matter of policy. You have to decide what's appropriate.

6. Copy the database
     # hprop --source=kaserver -c your.cell -r YOUR.REALM -R YOUR.REALM -n|hpropd -n

7. Start your KDC

Now you should be able to run both kinit and klog against your KDC.

Do tell us if you have more problems or just more questions.

/assar
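
An added example, not part of the original message or of Heimdal: a small Python check for the step-3 krb5.conf that reports a missing kdc entry for the default realm (the condition kinit complained about above), placeholders from the how-to left unedited, and which of the Kerberos 4 compatibility switches in [kdc] are turned on. The function names and the sample text are constructed for illustration, and the parser assumes only the section, key = value and brace-block syntax shown in the message.

```python
import re

# Constructed sample: the how-to's step-3 file with its placeholders left in.
SAMPLE = """\
[libdefaults]
        default_realm = YOUR.REALM
[realms]
        YOUR.REALM = {
                kdc = host.name.of.master
        }
[kdc]
        enable-kerberos4 = true
        enable-kaserver = true
        enable-524 = true
"""
PLACEHOLDERS = {"YOUR.REALM", "host.name.of.master", "my.domain"}
V4_SWITCHES = ("enable-kerberos4", "enable-kaserver", "enable-524")

def parse_krb5_conf(text):
    """Parse [section] / key = value / name = { ... } into nested dicts."""
    conf, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue                                # blank line or comment
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            stack = [conf.setdefault(section.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()                             # leave the sub-block
        elif "=" in line and stack:
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(val)
    return conf

def check(text):
    """Return (realm, kdc_hosts, problems, enabled_v4_switches)."""
    conf = parse_krb5_conf(text)
    realm = (conf.get("libdefaults", {}).get("default_realm") or [None])[0]
    block = conf.get("realms", {}).get(realm, {})
    kdcs = block.get("kdc", []) if isinstance(block, dict) else []
    problems = ["no default_realm in [libdefaults]"] if realm is None else []
    if realm and not kdcs:
        problems.append(f"no kdc entry for {realm} in [realms]")
    problems += [f"placeholder left in file: {v}" for v in [realm, *kdcs] if v in PLACEHOLDERS]
    legacy = [k for k in V4_SWITCHES if conf.get("kdc", {}).get(k) == ["true"]]
    return realm, kdcs, problems, legacy
```

Calling `check(open("/etc/krb5.conf").read())` before step 4 returns an empty problem list once the realm and KDC host have been filled in.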