Re: Remote kadmin not working on 0.7.2
"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
> I'm probably missing something obvious, (and probably it's something
> I haven't thought to list here) but this isn't working:
>
> Client side:
> # /usr/heimdal/sbin/kadmin -p hotz
> kadmin> get hotz
> hotz@JPL.NASA.GOV's Password:
> kadmin: get hotz: Server rejected authentication (during sendauth exchange)
> ---
> Server side kadmin.log:
> 2006-02-27T10:41:14 krb5_recvauth: End of file
> ---
> Server side kdc.log:
> 2006-02-27T10:41:14 AS-REQ hotz@JPL.NASA.GOV from IPv4:128.149.197.37 for kadmin/admin@JPL.NASA.GOV
> 2006-02-27T10:41:14 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
> 2006-02-27T10:41:14 Requested flags: renewable
> 2006-02-27T10:41:14 sending 649 bytes to IPv4:128.149.197.37
> ---
> # kdc.conf
> [kdc]
> database = {
> realm = JPL.NASA.GOV
> mkey_file = /nobackup/m_key
> }
> kdc_warn_pwexpire = 1mo
> require-preauth = false
> enable-kerberos4 = true
> v4-realm = JPL.NASA.GOV
> enable-524 = true
> enable-http = false
> enable-kaserver = true
> check-ticket-addresses = false
> allow-null-ticket-addresses = true
> ---
> # fgrep hotz kadmind.acl
> hotz@JPL.NASA.GOV get,list
> hotz/admin@JPL.NASA.GOV all
> ---
>
> I have snoops that prove the client is talking to the test server,
> not the production, even though they have the same realm name. I get
> the same result with an encrypted vice decrypted master database
> (which caused something similar for me on 0.6.3 once).
Is this on Solaris compiled under Sun Studio 11?
There is a bug that breaks the AES code in OpenSSL on SPARC; get patch 120760-02 or newer.
/JockeF
> ----------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu