[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Solaris 10, GSSAPI and fqhn
----- Original Message -----
From: Andreas Haupt <ahaupt@ifh.de>
Date: Wednesday, February 16, 2005 1:40 am
Subject: Solaris 10, GSSAPI and fqhn
> Hello,
>
> I'm experiencing problems with logging into a Solaris 10 machine
> using
> OpenSSH 3.9p1 and authenticating against GSSAPI. The OpenSSH Server
> prints the following error messages to the logfile in debug mode:
>
> Feb 16 08:55:32 nike sshd[20694]: [ID 800047 auth.debug] debug2:
> input_userauth_request: try method gssapi-with-mic
> Feb 16 08:55:32 nike sshd[20694]: [ID 800047 auth.debug] debug1:
> Miscellaneous failure (see text)\nunable to find realm of host nike
Have you created a krb5.conf that states the default realm or have a TXT record in your DNS so the system can look up its default realm?
> Feb 16 08:55:32 nike sshd[20694]: [ID 800047 auth.info] Failed
> gssapi-with-mic for ahaupt from 141.34.2.201 port 55502 ssh2
>
> This problem I know from earlier Solaris versions as well. After a
> fresh
> installation there is only a host entry without the fqhn in
> /etc/hosts.
> Correcting this always helped...
>
> resolv.conf and nsswitch.conf are set up exactly as on our Solaris
> 8
> machines. The only thing that helps by now (on the Solaris 10
> machine) is
> setting the host name to the fqhn with the 'hostname' command. But
> this
> isn't needed on Solaris 8!
>
> The used heimdal version (0.6.3) was compiled on Solaris 8. Might
> this be
> the problem?
>
> Thanks in advance
> Andreas
>
> --
> | Andreas Haupt | E-Mail: andreas.haupt@desy.de
> | DESY Zeuthen | WWW:
> http://www.desy.de/~ahaupt| Platanenallee 6 |
> Phone: +49/33762/7-7359
> | D-15738 Zeuthen | Fax: +49/33762/7-7216
>