[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Heimdal with Solaris 8 clients, amonst other things

Hi all,

We've been trying, rather unsuccesfully, to use a Heimdal KDC with a
8 client. After a lot of debugging work we eventually sussed out what
wrong. I might add here that more debugging output from the KDC would
been handy - for example what etypes were being used/offered by both

The problem we had was that we wanted to use DES3. The Solaris 8 client
wanted to offer des3-cbc-md5, whilst heimdal seemed to want
Eventually we noticed that heimdal only insisted on the sha1 type
that was the only des3 one available on the principle.

>From there we decided to try and get a des3-cbc-md5 key onto the
This should have been straightforward, but the only way we could find to
it was to add "default_keys = des3-cbc-md5:pw-salt" to the kadmin
section of
our config file, and then create a new principle. This seemed to work,
then we had problems with the krbtgt principle not having that key. We
everything we could think of to add it, but to no avail.

At that point we've pretty much given up. The documentation doesn't seem
offer an hints as to a solution. I guess the Solaris 8 client side stuff
probably not being overly friendly, but we can't seem to change it's
behaviour either.

Has anyone else had experience in this area? And are there any changes
planned to the KDC to allow adding of key types more easily?

As a seperate issue, we've had trouble with the master key business. We
thought we'd set one up, but when we moved the m-key file out of the way
KDC still started. What's the correct way to make sure our database is
secured with a key?

Thanks for your time,

Tim Bishop,
Computer Science Computing Officer,
University of Kent at Canterbury.