On Wed, Sep 10, 2008 at 02:14:19PM -0500, Douglas E. Engert wrote:
> Chavez, James R. wrote:
> > Doug, Thanks for the reply.
> > I am actually using kerberos for authenticating logins through ssh.
> > Because I had no DNS entry for this Solaris box I was getting the
> > following debug output from pam_krb5.
> >
> > Aug 26 10:24:21 solaris1.example.com sshd[1147]: [ID 537602 auth.error]
> > PAM-KRB5 (auth): krb5_verify_init_creds failed:
> > Hostname cannot be canonicalized.

>
> This sounds like the sshd can not determine its FQDN. A host should
> be able to determine its name without DNS.


This is coming from krb5_sname_to_principal(), which is called from
krb5_verify_init_creds(), which is called from pam_krb5am_sm_authenticate().

Solaris Kerberos specifically requires DNS to be configured.

Nico
--