Re: Solaris 9 + Heimdal KDC?
On Wed, Feb 16, 2005 at 07:55:26PM +0100, Love wrote:
>
> Adam Morley <adam-software-heimdal@gmi.com> writes:
>
> > PAM-KRB5 (auth): krb5_verify_init_creds failed: Key table entry not found
> [....]
> > PAM-KRB5 (auth): krb5_verify_init_creds failed: Key table entry not found
> [...]
> > the line, "PAM-KRB5 (auth): krb5_verify_init_creds failed: Key table
> > entry not found" is the one in Sun's docs that claims I don't have a
> > keytab.
> >
> > The space I put in the log is me hitting enter on that terminal when I
> > see the password prompt, but before I enter the password and hit enter.

Hi! Thanks for the reply.

>
> It depends on how the lib resolves the principal name of the host. There are
> two issues, first if the machine fails to default to resolve its name to
> the FQDN, and second because it gets confused about what realm to use.

Ok. That makes sense.

>
> The first should be fixable by changing the order in /etc/hosts, the second
> by doing what is below.

# cat /etc/hosts
127.0.0.1 localhost loghost
10.2.1.125 win2k0.prod.gmi.com win2k0

I thought that was the "order?"

>
>
> > [domain_realm]
> > .gmi.com = GMI.COM
>
> You probably want to add the line below in the [domain_realm] section.
>
> .prod.gmi.com = GMI.COM

I was under the impression that .gmi.com would encompass .prod.gmi.com also?
It's been working fine on my test RedHat box. But then, I'm new to
Kerberos and Linux != Solaris.

Ok. I just changed it to:

[domain_realm]
.gmi.com = GMI.COM
.prod.gmi.com = GMI.COM

I restarted sshd, and I still get the same error when ssh'ing in:

Feb 16 12:02:41 win2k0 sshd[12809]: PAM-KRB5 (auth): krb5_verify_init_creds failed: Key table entry not found

Thanks a bunch Love,
--
adam
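
An added example, not part of the original message and not code from Solaris, Heimdal or pam_krb5: a simplified Python model of the lookup discussed in this thread, deriving the host principal from the posted /etc/hosts and both posted [domain_realm] versions, then checking it against a key table. The keytab contents, the default realm and all function names are assumptions constructed for illustration.

```python
# Added example: model of the host-principal lookup discussed in this thread.
HOSTS = """\
127.0.0.1 localhost loghost
10.2.1.125 win2k0.prod.gmi.com win2k0
"""  # /etc/hosts as posted in the message
BEFORE = {".gmi.com": "GMI.COM"}                             # [domain_realm] as first posted
AFTER = {".gmi.com": "GMI.COM", ".prod.gmi.com": "GMI.COM"}  # after the change
DEFAULT_REALM = "GMI.COM"  # assumption: default_realm is not shown on the page

def canonical_name(hosts_text, name):
    """Return the first name on the hosts line that lists `name`."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if name.lower() in (f.lower() for f in fields[1:]):
            return fields[1].lower()
    return name.lower()  # no entry: the name is used as given

def realm_for(host, domain_realm):
    """Try the exact host, then each parent domain with a leading dot."""
    cand = host.lower()
    while cand:
        if cand in domain_realm:
            return domain_realm[cand]
        rest = cand.lstrip(".")
        dot = rest.find(".")
        cand = rest[dot:] if dot != -1 else ""
    return DEFAULT_REALM  # simplification: real libraries have more fallbacks

def host_principal(hosts_text, name, domain_realm):
    """Build host/<canonical name>@<realm> for the local machine."""
    fqdn = canonical_name(hosts_text, name)
    return f"host/{fqdn}@{realm_for(fqdn, domain_realm)}"

def keytab_has(principal, keytab_principals):
    """Key table lookup, modelled as an exact match on the principal name."""
    return principal in keytab_principals

if __name__ == "__main__":
    keytab = ["host/win2k0@GMI.COM"]  # constructed: key stored under the short name
    for label, mapping in (("before", BEFORE), ("after", AFTER)):
        p = host_principal(HOSTS, "win2k0", mapping)
        status = "found" if keytab_has(p, keytab) else "Key table entry not found"
        print(label, p, status)
```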