
Re: Solaris 10, GSSAPI and fqhn



If you're using the Sun OpenSSH (which looks to understand Kerberos  
nicely on Solaris 10) then the krb5.conf file should be  
/etc/krb5/krb5.conf.

If you're also installing Heimdal/MIT to get the "native" API libraries  
then you probably want to sym-link /etc/krb5.conf and  
/etc/krb5/krb5.conf, or at least have them both there.  I've found the  
differences between Sun and Heimdal just big enough I have separate  
files, though I think I could merge them without much trouble.

On Feb 17, 2005, at 12:08 AM, Andreas Haupt wrote:

> On Wed, 16 Feb 2005, Sean Brown wrote:
>
>> ----- Original Message -----
>> From: Andreas Haupt <ahaupt@ifh.de>
>> Date: Wednesday, February 16, 2005 1:40 am
>> Subject: Solaris 10, GSSAPI and fqhn
>>
>>> Hello,
>>>
>>> I'm experiencing problems with logging into a Solaris 10 machine
>>> using OpenSSH 3.9p1 and authenticating against GSSAPI. The OpenSSH
>>> Server prints the following error messages to the logfile in debug
>>> mode:
>>>
>>> Feb 16 08:55:32 nike sshd[20694]: [ID 800047 auth.debug] debug2:
>>> input_userauth_request: try method gssapi-with-mic
>>> Feb 16 08:55:32 nike sshd[20694]: [ID 800047 auth.debug] debug1:
>>> Miscellaneous failure (see text)\nunable to find realm of host nike
>>
>> Have you created a krb5.conf that states the default realm or have a  
>> TXT record in your DNS so the system can look up its default realm?
>
> Yes, it's there. Excerpt from /etc/krb5.conf:
>
> [libdefaults]
>         default_realm = IFH.DE
>
> The Solaris 10 machine is set up identically to the Solaris 8 machines
> (in the meaning of kerberos and name resolving).
>
> Greetings
> Andreas
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
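
The check below is an added example, not part of the original message or of any Kerberos distribution: it compares the default_realm that the Sun libraries read from /etc/krb5/krb5.conf with the one the MIT/Heimdal libraries read from /etc/krb5.conf, the two paths named in the reply above. The function names default_realm and compare_krb5_conf are hypothetical, and only the [libdefaults] default_realm line is compared.

```shell
#!/bin/sh
# Added example (hypothetical helper names): detect drift between the two
# krb5.conf locations discussed in the thread.

# Print the default_realm value from the [libdefaults] section of file $1.
default_realm() {
    awk '
        /^[ \t]*[#;]/ { next }   # comment lines
        /^[ \t]*\[/   { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")   # drop "default_realm ="
            sub(/[ \t\r]*$/, "")       # drop trailing whitespace / CR
            print
            exit
        }
    ' "$1"
}

# compare_krb5_conf SUN_PATH NATIVE_PATH
# Prints one status line. Returns 0 when both files name the same realm,
# 1 on mismatch, 2 when a file is unreadable, 3 when a realm is not set.
compare_krb5_conf() {
    sun=$1
    native=$2
    for f in "$sun" "$native"; do
        if [ ! -r "$f" ]; then
            echo "MISSING $f"
            return 2
        fi
    done
    sun_realm=$(default_realm "$sun")
    native_realm=$(default_realm "$native")
    if [ -z "$sun_realm" ] || [ -z "$native_realm" ]; then
        echo "NO_DEFAULT_REALM sun='$sun_realm' native='$native_realm'"
        return 3
    fi
    if [ "$sun_realm" != "$native_realm" ]; then
        echo "MISMATCH sun=$sun_realm native=$native_realm"
        return 1
    fi
    echo "OK $sun_realm"
}

# When run as a script with two paths, compare them, e.g.:
#   sh check_krb5.sh /etc/krb5/krb5.conf /etc/krb5.conf
if [ "$#" -eq 2 ]; then
    compare_krb5_conf "$1" "$2"
fi
```

If the two paths are sym-linked as suggested above, the check reports OK trivially; it is useful when separate files are kept for the Sun and Heimdal/MIT libraries.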