
Re: Solaris 9 + Heimdal KDC?




On Feb 17, 2005, at 1:28 PM, Adam Morley wrote:

> So I can log in now (quite neat!), and I see a request for krbtgt in the
> kdc's logs, but no ticket in the cache:
>
> <...ssh password prompt entry...>
> bash-2.05$ klist
> klist: No credentials cache file found while setting cache flags(ticket
> cache /tmp/krb5cc_1001)

Memory is fuzzy, but I think the Solaris pam_krb5 may not keep the tgt  
unless it can verify it against a host/FQDN@REALM principal in  
/etc/krb5/krb5.keytab.  Also applies to the screen lock, which will  
renew the tgt on unlock if it can verify the kdc.

There's a verify-mumble-nofail option that may affect this behavior.   
It's claimed to affect it on Solaris 10 anyway.

man pam_krb5 may tell you something.  It's very informative on Solaris  
10.

> I'm guessing changepw is for Solaris's account management/password
> change policy stuff, as . . .

	kpasswd_protocol = SET_CHANGE

man krb5.conf
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu