Re: Solaris 9 + Heimdal KDC?

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

On Feb 17, 2005, at 10:11 AM, Adam Morley wrote:

> On Thu, Feb 17, 2005 at 09:32:47AM +0100, Joakim Fallsjo wrote:
>>
> [snip]
>> What's in /etc/nodename?
>
> # cat /etc/nodename
> win2k0
>
> I'm thinking that's supposed to hold the fqdn, yes?  Either way, I set
> it to the FQDN instead of simply the host name, and I still have the
> same problem:
>
> # cat /etc/nodename
> win2k0.prod.gmi.com
> # Feb 17 10:06:48 win2k0 sshd[18974]: PAM-KRB5 (auth):  
> krb5_verify_init_creds failed: Key table entry not found
>
> (I did restart sshd inbetween)

Need to restart more than just sshd.  That's read somewhere in an rc  
script and I think fed to hostname.

> I'm logging in as user adam, and adam is in /etc/passwd and  
> /etc/shadow:
>
> # grep adam /etc/passwd
> adam:x:1001:14::/home/adam:/bin/bash
> # grep adam /etc/shadow
> adam:*K*:::::::
>
> I'm under the impression that *K* means Kerberos, from what I've read  
> at
> least.  Please correct me if I'm wrong on this.
>
> thanks!
>
> --  
> adam

I don't think /etc/shadow has anything to do with what sshd does.  If  
you're using the GSSAPI options in ssh then it will look at Kerberos  
and (I think) at ~/.k5login.  If you're giving it a password to check  
against Kerberos that's probably a PAM issue, and they may interpret  
the *K*.
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu