On Wed, May 21, 2008 at 12:27:27PM -0400, Jeff Blaine wrote:
> Will, you're a little too helpful I'm not ready to reply
> to the list and provide the summary of what the solution to
> my original post was. Strange that you are ... for me!
>
> A bit premature.
>
> Using short hostnames did not solve the problem.


Yes, I may have been mistaken here (I've just posted more about this in
another message on this thread).

> Fixing /var/krb5 on the single box that was missing it
> did not solve the problem.


But this solved the problem of doing a NFS sec=krb5 mount on barnowl
itself, yes?

> The problem is not solved.
>
> And replying to your last email to me (which was not sent
> to the list), pkgchk -n shows absolutely nothing of any
> relevance to the problem. These are not hackish boxes
> in random unknown states with 20 admins screwing around
> with them weekly. They're jumpstarted, patched at that
> time with the Recommended cluster, no users have root
> privs, and skew is overridden nightly via cfengine.


But on the one system, barnowl, that you sent me the output of krb-diag
show the box to be misconfigured in that several directories created by
installing the Solaris Kerberos packages did not exist. Those
directories can only be removed with root privilege. In addition,
/usr/bin/kpassswd was deleted. In general, it is not advisable to make
such changes to a Solaris system and expect it to work properly.

--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/