[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Solaris 10, GSSAPI and fqhn

Hallo Andreas,

check what you have in /etc/nsswitch.conf on your solaris 8. Probably
you've got "dns, files" in it. DNS people are usually smarter then
solaris admins, they will not define anything unqulified in DNS. 

I have once posted a message to the same list asking why solaris
installation procedure writes unqulified name in /etc/hosts. According
to replies that I've got, it is sun's way to stay compatible with nis.

Regardless to if it is solaris8 or solaris10, heimdal or mit, "kerberos"
will work only if reverse lookup will return FQDN.

regards, vadim tarassov.

On Fri, 2005-02-18 at 08:53 +0100, Andreas Haupt wrote:
> Hello Henry,
> thanks for the answer.
> On Thu, 17 Feb 2005, Henry B. Hotz wrote:
> > If you're using the Sun OpenSSH (which looks to understand Kerberos nicely on 
> > Solaris 10) then the krb5.conf file should be /etc/krb5/krb5.conf.
> >
> > If you're also installing Heimdal/MIT to get the "native" API libraries then 
> > you probably want to sym-link /etc/krb5.conf and /etc/krb5/krb5.conf, or at 
> > least have them both there.  I've found the differences between Sun and 
> > Heimdal just big enough I have separate files, though I think I could merge 
> > them without much trouble.
> Yes, this I noticed as well. The link
> /etc/krb5/krb5.conf -> /etc/krb5.conf already exists. But unfortunately my 
> problem is a different one. I'm using a self compiled OpenSSH (3.9p1) with
> self compiled heimdal and so on... Sun's SSH has already been deinstalled ;-)
> Our site uses Heimdal almost everywhere and on every platform. That's why 
> we will use it on Solaris 10 as well. By now the Heimdal libs and the 
> OpenSSH binaries are the same on Solaris 8 and 10. But they behave 
> differently (Solaris 10 needs fqhn as hostname whereas Solaris 8 doesn't, 
> name resolving is set up identically as well...).
> Greetings
> Andreas
vadim <vadim.tarassov@swissonline.ch>