[H-GEN] Problems setting up Kerberos

James McPherson - TSG Engineer James.McPherson at Sun.COM
Tue Jan 22 17:24:59 EST 2002

On 14 Jan 2002, 09:34:20 AM Sarah Kelly wrote:
> I'm trying to set up Kerberos using the Sun packages (Sun Enterprise
> Authentication Mechanism) and I'm having some troubles.
> From my machine, I started up kdc and kdc.master. I then tried to use
> kadmin:
> sarah at avatar init.d$ /usr/krb5/sbin/kadmin -p sarah/admin at UOW.EDU.AU
> Enter Password:
> kadmin: Communication failure with server while initializing kadmin interface
> According to the sun documentation, this means that kadmind isn't running
> on the master server, or that the host name for the master server is wrong.
> sarah at avatar init.d$ ps -ef | grep kadmind
>     root  1423     1  0 09:30:21 ?        0:00 /usr/krb5/lib/kadmind
>    sarah  1425  1358  0 09:30:25 pts/5    0:00 grep kadmind
> [realms]
>         UOW.EDU.AU = {
>                 kdc = avatar.its.uow.edu.au
> #                kdc = phoenix.its.uow.edu.au
>                 admin_server = avatar.its.uow.edu.au
>         }

Hi Sarah,
are you still having problems with kerberos? I found a bug filed against the
error message you mention - 4304154 - which is closed as "not a bug." I hate
it when the developers do that!

Anyway, the gist of it is that you need to have the "domestic" kerberos security
package installed, and 

The entry for kerberos_v5 in /etc/gss/mech is as follows...

kerberos_v5     1.2.840.113554.1.2.2    gl/mech_krb5.so gl_kmech_krb5

Changing the mechanism file to use the corresponding entry for the 'domestic'
kerberos_v5 mechanism (from SUNWkrgdo), kadmin works without problems.

so if you can get your hands on the SUNWkrgdo package then you should install that
and if necessary modify your /etc/gss/mech file as above. Alternatively, you
could use the installer script that comes with the SEAS cdrom because that is 
supposed to organise things correctly for you. The responsible engineer for this
bug mentioned that this issue you mention occurs if you use pkgadd and don't
install SUNWkrgdo.

Let me know if you have any more questions about this.

best regards,
James C. McPherson

