[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solaris 10, GSSAPI and fqhn

If you're using the Sun OpenSSH (which looks to understand Kerberos  
nicely on Solaris 10) then the krb5.conf file should be  

If you're also installing Heimdal/MIT to get the "native" API libraries  
then you probably want to sym-link /etc/krb5.conf and  
/etc/krb5/krb5.conf, or at least have them both there.  I've found the  
differences between Sun and Heimdal just big enough I have separate  
files, though I think I could merge them without much trouble.

On Feb 17, 2005, at 12:08 AM, Andreas Haupt wrote:

> On Wed, 16 Feb 2005, Sean Brown wrote:
>> ----- Original Message -----
>> From: Andreas Haupt <ahaupt@ifh.de>
>> Date: Wednesday, February 16, 2005 1:40 am
>> Subject: Solaris 10, GSSAPI and fqhn
>>> Hello,
>>> I'm experiencing problems with logging into a Solaris 10 machine
>>> using
>>> OpenSSH 3.9p1 and authenticating against GSSAPI. The OpenSSH Server
>>> prints the following error messages to the logfile in debug mode:
>>> Feb 16 08:55:32 nike sshd[20694]: [ID 800047 auth.debug] debug2:
>>> input_userauth_request: try method gssapi-with-mic
>>> Feb 16 08:55:32 nike sshd[20694]: [ID 800047 auth.debug] debug1:
>>> Miscellaneous failure (see text)\nunable to find realm of host nike
>> Have you created a krb5.conf that states the default realm or have a  
>> TXT record in your DNS so the system can look up its default realm?
> Yes, it's there. Excerpt from /etc/krb5.conf:
> [libdefaults]
>         default_realm = IFH.DE
> The Solaris 10 machine is set up identically to the Solaris 8 machines
> (in the meaning of kerberos and name resolving).
> Greetings
> Andreas
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu