[H-GEN] Kerberos advances

James McPherson - TSG Engineer James.McPherson at Sun.COM
Tue Jan 22 17:44:38 EST 2002


On 15 Jan 2002, 01:54:00 PM Sarah Kelly wrote:
> On Tue, Jan 15, 2002 at 12:28:37PM +1000, Robert Brockway wrote:
> > On Tue, 15 Jan 2002, Sarah Kelly wrote:
> > > Okay, things are looking up now. Kerberos works, mostly. Turns out that
> > > we needed to make changes to /etc/services, which we actually had set in 
> > > a NIS+ table rather than the file. We're still getting some complaints
> > > about an RPC not being registered yet, and some programs are having trouble
> > > as a result, but it's a lot smoother.
> > > How can I find out what RPCs are registered, and how do I register an RPC?

the short answer to the first bit is

/usr/bin/rpcinfo

(see the attachment for what's running on my workstation)


> > Believe it or not, it is my understanding that a reboot is required to fix
> > some RPC registration problems under Solaris.  I read this somewhere deep
> > in the doco.  It basically says something like "don't be starting &
> > stopping RPC services out of order, reboot instead".  This is all from
> > memory so if anyone could provide more specific advice for Sarah I think
> > that would be narly.
> > 
> > James of the Sun Microsystems, do you have any comments on this RPC
> > issue?

See the next email from me - still chasing it.

> kerbd is not running on this system. According to the manpages:
> 
> NAME
>      kerbd - generates and validates Kerberos tickets for  kernel
>      RPC
> 
> SYNOPSIS
>      /usr/sbin/kerbd [ -dg ]
> 
> DESCRIPTION
>      kerbd is the usermode daemon which interfaces between kernel
>      RPC  and  the Kerberos key distribution center (KDC) for the
>      purposes of generating and validating  Kerberos  authentica-
>      tion  tickets.  In  addition, kerbd maps Kerberos user names
>      into local user and group ids. By default, all  groups  that
>      the  requested  user  belongs  to  will  be  included in the
>      grouplist credential. kerbd is  automatically  started  when
>      the system enters the multi-user state.
> ...
> 
>  Availability                | SUNWcsu                   
>
> Now, not only is kerbd not running, but I can't find it anywhere
> on the system, including in the SUNWcsu package. I'm thinking that
> this could have something to do with my current problems. 


Actually, the manpage is correct. I checked my system and I don't have
a /usr/sbin/kerbd installed either, but I have a "full" install (64bit
and OEM) of Solaris 8 10/00. What happens is that when you install your
system (at least, this is with 8), you get asked whether you want to 
install kerberos security. I chose no (as you probably did also), so
the binary kerbd was not installed. You might notice, however, that the
libraries in /usr/lib/krb5 are installed -- not sure why this is.

James
(still catching up on an email backlog after holidays....)
-- 
TSG Engineer (Kernel/Storage)           828 Pacific Highway
APAC Customer Care Centre               Gordon NSW 
Sun Microsystems Australia              2072

Failfast panic: those controlling voices in my head have 
stopped telling me what to do.....

Read about the VOS Initiative at http://www.vosinitiative.com

-------------- next part --------------
   program version netid     address             service    owner
    100000    4    ticots    fodder.rpc          portmapper superuser
    100000    3    ticots    fodder.rpc          portmapper superuser
    100000    4    ticotsord fodder.rpc          portmapper superuser
    100000    3    ticotsord fodder.rpc          portmapper superuser
    100000    4    ticlts    fodder.rpc          portmapper superuser
    100000    3    ticlts    fodder.rpc          portmapper superuser
    100000    4    tcp       0.0.0.0.0.111       portmapper superuser
    100000    3    tcp       0.0.0.0.0.111       portmapper superuser
    100000    2    tcp       0.0.0.0.0.111       portmapper superuser
    100000    4    udp       0.0.0.0.0.111       portmapper superuser
    100000    3    udp       0.0.0.0.0.111       portmapper superuser
    100000    2    udp       0.0.0.0.0.111       portmapper superuser
    100000    4    tcp6      ::.0.111            portmapper superuser
    100000    3    tcp6      ::.0.111            portmapper superuser
    100000    4    udp6      ::.0.111            portmapper superuser
    100000    3    udp6      ::.0.111            portmapper superuser
    100029    1    ticlts    fodder.keyserv      keyserv    superuser
    100029    1    ticotsord fodder.keyserv      keyserv    superuser
    100029    1    ticots    fodder.keyserv      keyserv    superuser
    100029    2    ticlts    fodder.keyserv      keyserv    superuser
    100029    2    ticotsord fodder.keyserv      keyserv    superuser
    100029    2    ticots    fodder.keyserv      keyserv    superuser
    100029    3    ticlts    fodder.keyserv      keyserv    superuser
    100029    3    ticotsord fodder.keyserv      keyserv    superuser
    100029    3    ticots    fodder.keyserv      keyserv    superuser
    100007    3    udp6      ::.128.10           ypbind     superuser
    100007    3    tcp6      ::.128.6            ypbind     superuser
    100007    3    udp       0.0.0.0.128.11      ypbind     superuser
    100007    2    udp       0.0.0.0.128.11      ypbind     superuser
    100007    1    udp       0.0.0.0.128.11      ypbind     superuser
    100007    3    tcp       0.0.0.0.128.7       ypbind     superuser
    100007    2    tcp       0.0.0.0.128.7       ypbind     superuser
    100007    1    tcp       0.0.0.0.128.7       ypbind     superuser
    100007    3    ticlts    \000\000\020;       ypbind     superuser
    100007    2    ticlts    \000\000\020;       ypbind     superuser
    100007    3    ticotsord \000\000\020B       ypbind     superuser
    100007    2    ticotsord \000\000\020B       ypbind     superuser
    100007    3    ticots    \000\000\020I       ypbind     superuser
    100024    1    udp6      ::.128.19           status     superuser
    100024    1    tcp6      ::.128.8            status     superuser
    100024    1    udp       0.0.0.0.128.20      status     superuser
    100024    1    tcp       0.0.0.0.128.9       status     superuser
    100024    1    ticlts    \000\000\020X       status     superuser
    100024    1    ticotsord \000\000\020[       status     superuser
    100024    1    ticots    \000\000\020^       status     superuser
    100133    1    udp6      ::.128.19           -          superuser
    100133    1    tcp6      ::.128.8            -          superuser
    100133    1    udp       0.0.0.0.128.20      -          superuser
    100133    1    tcp       0.0.0.0.128.9       -          superuser
    100133    1    ticlts    \000\000\020X       -          superuser
    100232   10    udp6      ::.128.21           -          superuser
    100133    1    ticotsord \000\000\020[       -          superuser
    100133    1    ticots    \000\000\020^       -          superuser
    100232   10    udp       0.0.0.0.128.23      -          superuser
    100011    1    udp6      ::.128.25           rquotad    superuser
    100011    1    udp       0.0.0.0.128.27      rquotad    superuser
    100011    1    ticlts    \000\000\020u       rquotad    superuser
    100002    2    udp6      ::.128.30           rusersd    superuser
    100002    3    udp6      ::.128.30           rusersd    superuser
    100002    2    udp       0.0.0.0.128.32      rusersd    superuser
    100002    3    udp       0.0.0.0.128.32      rusersd    superuser
    100002    2    ticlts    \000\000\020}       rusersd    superuser
    100002    3    ticlts    \000\000\020}       rusersd    superuser
    100002    2    tcp6      ::.128.19           rusersd    superuser
    100002    3    tcp6      ::.128.19           rusersd    superuser
    100002    2    tcp       0.0.0.0.128.21      rusersd    superuser
    100002    3    tcp       0.0.0.0.128.21      rusersd    superuser
    100002    2    ticotsord \000\000\020\204    rusersd    superuser
    100002    3    ticotsord \000\000\020\204    rusersd    superuser
    100021    1    udp6      ::.15.205           nlockmgr   superuser
    100021    2    udp6      ::.15.205           nlockmgr   superuser
    100021    3    udp6      ::.15.205           nlockmgr   superuser
    100021    4    udp6      ::.15.205           nlockmgr   superuser
    100021    1    tcp6      ::.15.205           nlockmgr   superuser
    100021    2    tcp6      ::.15.205           nlockmgr   superuser
    100021    3    tcp6      ::.15.205           nlockmgr   superuser
    100021    4    tcp6      ::.15.205           nlockmgr   superuser
    100021    1    udp       0.0.0.0.15.205      nlockmgr   superuser
    100021    2    udp       0.0.0.0.15.205      nlockmgr   superuser
    100021    3    udp       0.0.0.0.15.205      nlockmgr   superuser
    100021    4    udp       0.0.0.0.15.205      nlockmgr   superuser
    100021    1    tcp       0.0.0.0.15.205      nlockmgr   superuser
    100021    2    tcp       0.0.0.0.15.205      nlockmgr   superuser
    100021    3    tcp       0.0.0.0.15.205      nlockmgr   superuser
    100021    4    tcp       0.0.0.0.15.205      nlockmgr   superuser
    100002    2    ticots    \000\000\020\251    rusersd    superuser
    100002    3    ticots    \000\000\020\251    rusersd    superuser
    100012    1    udp6      ::.128.43           sprayd     superuser
    100012    1    udp       0.0.0.0.128.45      sprayd     superuser
    100012    1    ticlts    \000\000\020\257    sprayd     superuser
    100008    1    udp6      ::.128.50           walld      superuser
    100099    3    ticotsord fodder.autofs       -          superuser
    100008    1    udp       0.0.0.0.128.52      walld      superuser
    100008    1    ticlts    \000\000\020\266    walld      superuser
    100001    2    udp6      ::.128.56           rstatd     superuser
    100001    3    udp6      ::.128.56           rstatd     superuser
    100001    4    udp6      ::.128.56           rstatd     superuser
    100001    2    udp       0.0.0.0.128.58      rstatd     superuser
    100001    3    udp       0.0.0.0.128.58      rstatd     superuser
    100001    4    udp       0.0.0.0.128.58      rstatd     superuser
    100001    2    ticlts    \000\000\020\301    rstatd     superuser
    100001    3    ticlts    \000\000\020\301    rstatd     superuser
    100001    4    ticlts    \000\000\020\301    rstatd     superuser
    100083    1    tcp6      ::.128.34           -          superuser
    100083    1    tcp       0.0.0.0.128.36      -          superuser
    100221    1    tcp6      ::.128.38           -          superuser
    100221    1    tcp       0.0.0.0.128.40      -          superuser
    100235    1    tcp6      ::.128.42           -          superuser
    100235    1    tcp       0.0.0.0.128.44      -          superuser
    100134    1    ticotsord \000\000\020\317    -          superuser
    100234    1    ticotsord \000\000\020\322    -          superuser
    100146    1    ticotsord \000\000\020\325    -          superuser
    100147    1    ticotsord \000\000\020\330    -          superuser
    100150    1    ticotsord \000\000\020\333    -          superuser
    100068    2    udp       0.0.0.0.128.73      -          superuser
    100068    3    udp       0.0.0.0.128.73      -          superuser
    100068    4    udp       0.0.0.0.128.73      -          superuser
    100068    5    udp       0.0.0.0.128.73      -          superuser
    300326    4    tcp6      ::.128.52           -          superuser
    300326    4    tcp       0.0.0.0.128.54      -          superuser
    100229    1    tcp6      ::.128.56           -          superuser
    100229    1    tcp       0.0.0.0.128.58      -          superuser
    100230    1    tcp6      ::.128.60           -          superuser
    100230    1    tcp       0.0.0.0.128.62      -          superuser
    300473    1    tcp6      ::.128.64           -          superuser
    300473    1    tcp       0.0.0.0.128.66      -          superuser
    100231    1    ticlts    fodder.nfsauth      -          superuser
    100231    1    ticotsord fodder.nfsauth      -          superuser
    100231    1    ticots    fodder.nfsauth      -          superuser
    100005    1    udp6      ::.128.102          mountd     superuser
    100005    1    udp       0.0.0.0.128.103     mountd     superuser
    100005    1    ticlts    \000\000\020?       mountd     superuser
    100005    2    udp6      ::.128.102          mountd     superuser
    100005    2    udp       0.0.0.0.128.103     mountd     superuser
    100005    2    ticlts    \000\000\020?       mountd     superuser
    100005    3    udp6      ::.128.102          mountd     superuser
    100005    3    udp       0.0.0.0.128.103     mountd     superuser
    100005    3    ticlts    \000\000\020?       mountd     superuser
    100005    1    tcp6      ::.128.73           mountd     superuser
    100005    1    tcp       0.0.0.0.128.74      mountd     superuser
    100005    1    ticotsord \000\000\021\020    mountd     superuser
    100005    1    ticots    \000\000\021\023    mountd     superuser
    100005    2    tcp6      ::.128.73           mountd     superuser
    100005    2    tcp       0.0.0.0.128.74      mountd     superuser
    100005    2    ticotsord \000\000\021\020    mountd     superuser
    100005    2    ticots    \000\000\021\023    mountd     superuser
    100005    3    tcp6      ::.128.73           mountd     superuser
    100005    3    tcp       0.0.0.0.128.74      mountd     superuser
    100005    3    ticotsord \000\000\021\020    mountd     superuser
    100005    3    ticots    \000\000\021\023    mountd     superuser
    100003    2    udp6      ::.8.1              nfs        superuser
    100003    3    udp6      ::.8.1              nfs        superuser
    100227    2    udp6      ::.8.1              -          superuser
    100227    3    udp6      ::.8.1              -          superuser
    100003    2    tcp6      ::.8.1              nfs        superuser
    100003    3    tcp6      ::.8.1              nfs        superuser
    100227    2    tcp6      ::.8.1              -          superuser
    100227    3    tcp6      ::.8.1              -          superuser
    100003    2    udp       0.0.0.0.8.1         nfs        superuser
    100003    3    udp       0.0.0.0.8.1         nfs        superuser
    100227    2    udp       0.0.0.0.8.1         -          superuser
    100227    3    udp       0.0.0.0.8.1         -          superuser
    100003    2    tcp       0.0.0.0.8.1         nfs        superuser
    100003    3    tcp       0.0.0.0.8.1         nfs        superuser
    100227    2    tcp       0.0.0.0.8.1         -          superuser
    100227    3    tcp       0.0.0.0.8.1         -          superuser
    300598    1    udp6      ::.128.106          -          superuser
    300598    1    tcp6      ::.128.75           -          superuser
    300598    1    udp       0.0.0.0.128.107     -          superuser
    300598    1    tcp       0.0.0.0.128.76      -          superuser
    300598    1    ticlts    \000\000\021N       -          superuser
    300598    1    ticotsord \000\000\021Q       -          superuser
    300598    1    ticots    \000\000\021T       -          superuser
 805306368    1    udp6      ::.128.106          -          superuser
 805306368    1    tcp6      ::.128.75           -          superuser
 805306368    1    udp       0.0.0.0.128.107     -          superuser
 805306368    1    tcp       0.0.0.0.128.76      -          superuser
 805306368    1    ticlts    \000\000\021N       -          superuser
 805306368    1    ticotsord \000\000\021Q       -          superuser
 805306368    1    ticots    \000\000\021T       -          superuser
    100249    1    udp6      ::.128.108          -          superuser
    100249    1    tcp6      ::.128.77           -          superuser
    100249    1    udp       0.0.0.0.128.109     -          superuser
    100249    1    tcp       0.0.0.0.128.78      -          superuser
    100249    1    ticlts    \000\000\021m       -          superuser
    100249    1    ticotsord \000\000\021p       -          superuser
    100249    1    ticots    \000\000\021s       -          superuser
1289637086    5    tcp       0.0.0.0.130.74      -          101346
1289637086    1    tcp       0.0.0.0.130.74      -          101346


More information about the General mailing list