[H-GEN] Problems setting up Kerberos

James McPherson - TSG Engineer James.McPherson at Sun.COM
Tue Jan 22 17:51:04 EST 2002


[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]


On 23 Jan 2002, 09:37:14 AM Sarah Kelly wrote:
> Thanks for your answer, James. Mine is below ...
> On Wed, Jan 23, 2002 at 09:24:59AM +1100, James McPherson - TSG Engineer wrote:
> > On 14 Jan 2002, 09:34:20 AM Sarah Kelly wrote:
[snip]
> Actually, since the change in the US export laws we have not needed the
> different authentication modules. I have it working. I reinstalled 
> all the packages (using the GUI instead of pkgadd) and it's working fine
> now. Might I add at this point that I hate the GUI? Give me command line
> options any day. 

you're not the only one! The one thing I think that the webstart gui has going
for it is that when you have many packages and dependencies, you can get them
all installed in the correct order just be clicking one "select" button and 
then the "ok" button. 

> I have the servers working the way they should now, but
> cannot use rlogin. I did a truss, and it turns out that the kerberised
> rlogin tries to change to the user's home directory before setting UID to
> be that user. And since the machines I am testing on are not root trusted
> by our filer, it spits the dummy big time. Sun's normal rlogin had this 
> bug fixed years ago, apparently. I believe we're filing a bug report with
> Sun over this one.

Sounds like a good idea. If it's against SEAS 3.0 though you'll probably get
a "fixed in release <blah>, upgrade" message -- if in fact we've fixed it ;|
do you have the bugid for the normal rlogin issue?
 
> My next step will be to get a Win2k box to authenticate against our new
> Kerberos server. We don't trust the Windows box to be secure so we're
> not about to put passwords there. 

your mileage may vary on that one - good luck.
 
> By the end of all this I'm going to be an interoperability specialist I 
> think!

what, only solaris and windows? that ain't _real_ interop! <grin> "True" interop 
is all that, plus linux, plus *bsd, plus that old as/400 you've got sitting in 
the corner and a few other things besides (don't forget the old vax running 
vms 5.something!)

glad to hear you're up and running now,

James

-- 
TSG Engineer (Kernel/Storage)           828 Pacific Highway
APAC Customer Care Centre               Gordon NSW 
Sun Microsystems Australia              2072

Failfast panic: those controlling voices in my head have 
stopped telling me what to do.....

Read about the VOS Initiative at http://www.vosinitiative.com


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.



More information about the General mailing list