[H-GEN] Kerberos advances
James McPherson - TSG Engineer
James.McPherson at Sun.COM
Tue Jan 22 17:44:38 EST 2002
On 15 Jan 2002, 01:54:00 PM Sarah Kelly wrote:
> On Tue, Jan 15, 2002 at 12:28:37PM +1000, Robert Brockway wrote:
> > On Tue, 15 Jan 2002, Sarah Kelly wrote:
> > > Okay, things are looking up now. Kerberos works, mostly. Turns out that
> > > we needed to make changes to /etc/services, which we actually had set in
> > > a NIS+ table rather than the file. We're still getting some complaints
> > > about an RPC not being registered yet, and some programs are having trouble
> > > as a result, but it's a lot smoother.
> > > How can I find out what RPCs are registered, and how do I register an RPC?
the short answer to the first bit is
/usr/bin/rpcinfo
(see the attachment for what's running on my workstation)
> > Believe it or not, it is my understanding that a reboot is required to fix
> > some RPC registration problems under Solaris. I read this somewhere deep
> > in the doco. It basically says something like "don't be starting &
> > stopping RPC services out of order, reboot instead". This is all from
> > memory so if anyone could provide more specific advice for Sarah I think
> > that would be narly.
> >
> > James of the Sun Microsystems, do you have any comments on this RPC
> > issue?
See the next email from me - still chasing it.
> kerbd is not running on this system. According to the manpages:
>
> NAME
> kerbd - generates and validates Kerberos tickets for kernel
> RPC
>
> SYNOPSIS
> /usr/sbin/kerbd [ -dg ]
>
> DESCRIPTION
> kerbd is the usermode daemon which interfaces between kernel
> RPC and the Kerberos key distribution center (KDC) for the
> purposes of generating and validating Kerberos authentica-
> tion tickets. In addition, kerbd maps Kerberos user names
> into local user and group ids. By default, all groups that
> the requested user belongs to will be included in the
> grouplist credential. kerbd is automatically started when
> the system enters the multi-user state.
> ...
>
> Availability | SUNWcsu
>
> Now, not only is kerbd not running, but I can't find it anywhere
> on the system, including in the SUNWcsu package. I'm thinking that
> this could have something to do with my current problems.
Actually, the manpage is correct. I checked my system and I don't have
a /usr/sbin/kerbd installed either, but I have a "full" install (64bit
and OEM) of Solaris 8 10/00. What happens is that when you install your
system (at least, this is with 8), you get asked whether you want to
install kerberos security. I chose no (as you probably did also), so
the binary kerbd was not installed. You might notice, however, that the
libraries in /usr/lib/krb5 are installed -- not sure why this is.
James
(still catching up on an email backlog after holidays....)
--
TSG Engineer (Kernel/Storage) 828 Pacific Highway
APAC Customer Care Centre Gordon NSW
Sun Microsystems Australia 2072
Failfast panic: those controlling voices in my head have
stopped telling me what to do.....
Read about the VOS Initiative at http://www.vosinitiative.com
-------------- next part --------------
program version netid address service owner
100000 4 ticots fodder.rpc portmapper superuser
100000 3 ticots fodder.rpc portmapper superuser
100000 4 ticotsord fodder.rpc portmapper superuser
100000 3 ticotsord fodder.rpc portmapper superuser
100000 4 ticlts fodder.rpc portmapper superuser
100000 3 ticlts fodder.rpc portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111 portmapper superuser
100000 3 udp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 3 udp6 ::.0.111 portmapper superuser
100029 1 ticlts fodder.keyserv keyserv superuser
100029 1 ticotsord fodder.keyserv keyserv superuser
100029 1 ticots fodder.keyserv keyserv superuser
100029 2 ticlts fodder.keyserv keyserv superuser
100029 2 ticotsord fodder.keyserv keyserv superuser
100029 2 ticots fodder.keyserv keyserv superuser
100029 3 ticlts fodder.keyserv keyserv superuser
100029 3 ticotsord fodder.keyserv keyserv superuser
100029 3 ticots fodder.keyserv keyserv superuser
100007 3 udp6 ::.128.10 ypbind superuser
100007 3 tcp6 ::.128.6 ypbind superuser
100007 3 udp 0.0.0.0.128.11 ypbind superuser
100007 2 udp 0.0.0.0.128.11 ypbind superuser
100007 1 udp 0.0.0.0.128.11 ypbind superuser
100007 3 tcp 0.0.0.0.128.7 ypbind superuser
100007 2 tcp 0.0.0.0.128.7 ypbind superuser
100007 1 tcp 0.0.0.0.128.7 ypbind superuser
100007 3 ticlts \000\000\020; ypbind superuser
100007 2 ticlts \000\000\020; ypbind superuser
100007 3 ticotsord \000\000\020B ypbind superuser
100007 2 ticotsord \000\000\020B ypbind superuser
100007 3 ticots \000\000\020I ypbind superuser
100024 1 udp6 ::.128.19 status superuser
100024 1 tcp6 ::.128.8 status superuser
100024 1 udp 0.0.0.0.128.20 status superuser
100024 1 tcp 0.0.0.0.128.9 status superuser
100024 1 ticlts \000\000\020X status superuser
100024 1 ticotsord \000\000\020[ status superuser
100024 1 ticots \000\000\020^ status superuser
100133 1 udp6 ::.128.19 - superuser
100133 1 tcp6 ::.128.8 - superuser
100133 1 udp 0.0.0.0.128.20 - superuser
100133 1 tcp 0.0.0.0.128.9 - superuser
100133 1 ticlts \000\000\020X - superuser
100232 10 udp6 ::.128.21 - superuser
100133 1 ticotsord \000\000\020[ - superuser
100133 1 ticots \000\000\020^ - superuser
100232 10 udp 0.0.0.0.128.23 - superuser
100011 1 udp6 ::.128.25 rquotad superuser
100011 1 udp 0.0.0.0.128.27 rquotad superuser
100011 1 ticlts \000\000\020u rquotad superuser
100002 2 udp6 ::.128.30 rusersd superuser
100002 3 udp6 ::.128.30 rusersd superuser
100002 2 udp 0.0.0.0.128.32 rusersd superuser
100002 3 udp 0.0.0.0.128.32 rusersd superuser
100002 2 ticlts \000\000\020} rusersd superuser
100002 3 ticlts \000\000\020} rusersd superuser
100002 2 tcp6 ::.128.19 rusersd superuser
100002 3 tcp6 ::.128.19 rusersd superuser
100002 2 tcp 0.0.0.0.128.21 rusersd superuser
100002 3 tcp 0.0.0.0.128.21 rusersd superuser
100002 2 ticotsord \000\000\020\204 rusersd superuser
100002 3 ticotsord \000\000\020\204 rusersd superuser
100021 1 udp6 ::.15.205 nlockmgr superuser
100021 2 udp6 ::.15.205 nlockmgr superuser
100021 3 udp6 ::.15.205 nlockmgr superuser
100021 4 udp6 ::.15.205 nlockmgr superuser
100021 1 tcp6 ::.15.205 nlockmgr superuser
100021 2 tcp6 ::.15.205 nlockmgr superuser
100021 3 tcp6 ::.15.205 nlockmgr superuser
100021 4 tcp6 ::.15.205 nlockmgr superuser
100021 1 udp 0.0.0.0.15.205 nlockmgr superuser
100021 2 udp 0.0.0.0.15.205 nlockmgr superuser
100021 3 udp 0.0.0.0.15.205 nlockmgr superuser
100021 4 udp 0.0.0.0.15.205 nlockmgr superuser
100021 1 tcp 0.0.0.0.15.205 nlockmgr superuser
100021 2 tcp 0.0.0.0.15.205 nlockmgr superuser
100021 3 tcp 0.0.0.0.15.205 nlockmgr superuser
100021 4 tcp 0.0.0.0.15.205 nlockmgr superuser
100002 2 ticots \000\000\020\251 rusersd superuser
100002 3 ticots \000\000\020\251 rusersd superuser
100012 1 udp6 ::.128.43 sprayd superuser
100012 1 udp 0.0.0.0.128.45 sprayd superuser
100012 1 ticlts \000\000\020\257 sprayd superuser
100008 1 udp6 ::.128.50 walld superuser
100099 3 ticotsord fodder.autofs - superuser
100008 1 udp 0.0.0.0.128.52 walld superuser
100008 1 ticlts \000\000\020\266 walld superuser
100001 2 udp6 ::.128.56 rstatd superuser
100001 3 udp6 ::.128.56 rstatd superuser
100001 4 udp6 ::.128.56 rstatd superuser
100001 2 udp 0.0.0.0.128.58 rstatd superuser
100001 3 udp 0.0.0.0.128.58 rstatd superuser
100001 4 udp 0.0.0.0.128.58 rstatd superuser
100001 2 ticlts \000\000\020\301 rstatd superuser
100001 3 ticlts \000\000\020\301 rstatd superuser
100001 4 ticlts \000\000\020\301 rstatd superuser
100083 1 tcp6 ::.128.34 - superuser
100083 1 tcp 0.0.0.0.128.36 - superuser
100221 1 tcp6 ::.128.38 - superuser
100221 1 tcp 0.0.0.0.128.40 - superuser
100235 1 tcp6 ::.128.42 - superuser
100235 1 tcp 0.0.0.0.128.44 - superuser
100134 1 ticotsord \000\000\020\317 - superuser
100234 1 ticotsord \000\000\020\322 - superuser
100146 1 ticotsord \000\000\020\325 - superuser
100147 1 ticotsord \000\000\020\330 - superuser
100150 1 ticotsord \000\000\020\333 - superuser
100068 2 udp 0.0.0.0.128.73 - superuser
100068 3 udp 0.0.0.0.128.73 - superuser
100068 4 udp 0.0.0.0.128.73 - superuser
100068 5 udp 0.0.0.0.128.73 - superuser
300326 4 tcp6 ::.128.52 - superuser
300326 4 tcp 0.0.0.0.128.54 - superuser
100229 1 tcp6 ::.128.56 - superuser
100229 1 tcp 0.0.0.0.128.58 - superuser
100230 1 tcp6 ::.128.60 - superuser
100230 1 tcp 0.0.0.0.128.62 - superuser
300473 1 tcp6 ::.128.64 - superuser
300473 1 tcp 0.0.0.0.128.66 - superuser
100231 1 ticlts fodder.nfsauth - superuser
100231 1 ticotsord fodder.nfsauth - superuser
100231 1 ticots fodder.nfsauth - superuser
100005 1 udp6 ::.128.102 mountd superuser
100005 1 udp 0.0.0.0.128.103 mountd superuser
100005 1 ticlts \000\000\020? mountd superuser
100005 2 udp6 ::.128.102 mountd superuser
100005 2 udp 0.0.0.0.128.103 mountd superuser
100005 2 ticlts \000\000\020? mountd superuser
100005 3 udp6 ::.128.102 mountd superuser
100005 3 udp 0.0.0.0.128.103 mountd superuser
100005 3 ticlts \000\000\020? mountd superuser
100005 1 tcp6 ::.128.73 mountd superuser
100005 1 tcp 0.0.0.0.128.74 mountd superuser
100005 1 ticotsord \000\000\021\020 mountd superuser
100005 1 ticots \000\000\021\023 mountd superuser
100005 2 tcp6 ::.128.73 mountd superuser
100005 2 tcp 0.0.0.0.128.74 mountd superuser
100005 2 ticotsord \000\000\021\020 mountd superuser
100005 2 ticots \000\000\021\023 mountd superuser
100005 3 tcp6 ::.128.73 mountd superuser
100005 3 tcp 0.0.0.0.128.74 mountd superuser
100005 3 ticotsord \000\000\021\020 mountd superuser
100005 3 ticots \000\000\021\023 mountd superuser
100003 2 udp6 ::.8.1 nfs superuser
100003 3 udp6 ::.8.1 nfs superuser
100227 2 udp6 ::.8.1 - superuser
100227 3 udp6 ::.8.1 - superuser
100003 2 tcp6 ::.8.1 nfs superuser
100003 3 tcp6 ::.8.1 nfs superuser
100227 2 tcp6 ::.8.1 - superuser
100227 3 tcp6 ::.8.1 - superuser
100003 2 udp 0.0.0.0.8.1 nfs superuser
100003 3 udp 0.0.0.0.8.1 nfs superuser
100227 2 udp 0.0.0.0.8.1 - superuser
100227 3 udp 0.0.0.0.8.1 - superuser
100003 2 tcp 0.0.0.0.8.1 nfs superuser
100003 3 tcp 0.0.0.0.8.1 nfs superuser
100227 2 tcp 0.0.0.0.8.1 - superuser
100227 3 tcp 0.0.0.0.8.1 - superuser
300598 1 udp6 ::.128.106 - superuser
300598 1 tcp6 ::.128.75 - superuser
300598 1 udp 0.0.0.0.128.107 - superuser
300598 1 tcp 0.0.0.0.128.76 - superuser
300598 1 ticlts \000\000\021N - superuser
300598 1 ticotsord \000\000\021Q - superuser
300598 1 ticots \000\000\021T - superuser
805306368 1 udp6 ::.128.106 - superuser
805306368 1 tcp6 ::.128.75 - superuser
805306368 1 udp 0.0.0.0.128.107 - superuser
805306368 1 tcp 0.0.0.0.128.76 - superuser
805306368 1 ticlts \000\000\021N - superuser
805306368 1 ticotsord \000\000\021Q - superuser
805306368 1 ticots \000\000\021T - superuser
100249 1 udp6 ::.128.108 - superuser
100249 1 tcp6 ::.128.77 - superuser
100249 1 udp 0.0.0.0.128.109 - superuser
100249 1 tcp 0.0.0.0.128.78 - superuser
100249 1 ticlts \000\000\021m - superuser
100249 1 ticotsord \000\000\021p - superuser
100249 1 ticots \000\000\021s - superuser
1289637086 5 tcp 0.0.0.0.130.74 - 101346
1289637086 1 tcp 0.0.0.0.130.74 - 101346
More information about the General
mailing list