Thanks for the response. I've forwarded this to the person working on
the problem, and we'll see if it tweaks anything, or gives him another
avenue of thought to add to what he's done.

Rainer

> -----Original Message-----
> From: Ian Grant [mailto:ian.grant@cl.cam.ac.uk]
> Sent: Thursday, May 19, 2005 8:49 AM
> To: Heilke, Rainer
> Cc: kerberos@mit.edu
> Subject: Re: MIT 1.4.1 and Solaris 10 SEAM kadmin
>
>
> > We heard that krb5-1.4.x would support the protocol (RPCSEC_GSS ?)
> > necessary to allow a Solaris 10 kadmin client to work with an MIT
> > kadmind.
> >
> > We tried upgrading our MIT server to 1.4.1 and we still cannot get it to
> > work.
> >
> > We also heard that you need to add a principal of the form:
> > kadmin/kdc_name
> >
> > I was unable to get clarification on the format of kdc_name. We've
> > tried:
> >
> > kadmin/hostname.domain
>
> This should be added automatically. The hostname should be the
> canonical fqdn of the KDC (i.e. not a CNAME).
>
> > kadmin/hostname
> > kadmin/cname (our cname for our kerberos server is 'kerberos' )
> >
> > Nothing made a difference.
>
> We are trying the same: Solaris 10 kadmin client talking to MIT 1.4
> kadmind. We use a command like
>
> kadmin -p princ/admin
>
> We are prompted for the password. On entering it we see in the kdc logs
> that authentication happens:
>
> May 19 11:34:44 ***** krb5kdc[16731](info): AS_REQ (5 etypes {17 16 23 3 1 }) xxx.xxx.xxx.xxx: ISSUE: authtime 1116498884, etypes {rep=16 tkt=16 ses=16}, princ/admin@MY.DOMAIN for kadmin/kdc.fdn@MY.DOMAIN
>
> But the kadmin client responds:
>
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
>
> It seems you get further than we do!
>


________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
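
As an added example (not part of the original messages and not code from MIT krb5 or Solaris SEAM): a small Python parser for the krb5kdc AS_REQ line quoted in the thread, which pulls out whether a ticket was issued, the encryption types involved, and the host part of the kadmin/<host> service principal. The function names are hypothetical, and the sample is the log line from the message with the mail line wrapping removed.

```python
import re

# Kerberos encryption type numbers (IANA registry): those in the quoted line, plus 18.
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "rc4-hmac"}

# Layout of a krb5kdc AS_REQ log entry as quoted in the message.
AS_REQ = re.compile(
    r"krb5kdc\[\d+\]\(info\): AS_REQ \(\d+ etypes \{(?P<req>[\d\s]*)\}\) "
    r"(?P<addr>\S+): (?P<status>[A-Z_]+): authtime (?P<authtime>\d+), "
    r"etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<service>\S+)")

# The log line from the message, with the mail client's line wrapping removed.
SAMPLE = ("May 19 11:34:44 ***** krb5kdc[16731](info): AS_REQ (5 etypes "
          "{17 16 23 3 1 }) xxx.xxx.xxx.xxx: ISSUE: authtime 1116498884, "
          "etypes {rep=16 tkt=16 ses=16}, princ/admin@MY.DOMAIN for "
          "kadmin/kdc.fdn@MY.DOMAIN")

def etype_name(number):
    """Name for an etype number, or a generic label if it is not in ETYPES."""
    return ETYPES.get(number, f"etype-{number}")

def parse_as_req(line):
    """Return the fields of an AS_REQ log entry, or None if it does not match."""
    m = AS_REQ.search(line)
    if m is None:
        return None
    return {
        "status": m["status"],  # ISSUE means the KDC granted the ticket
        "requested": [int(n) for n in m["req"].split()],
        "reply": etype_name(int(m["rep"])),
        "ticket": etype_name(int(m["tkt"])),
        "session": etype_name(int(m["ses"])),
        "client": m["client"],
        "service": m["service"],
    }

def kadmin_host(service):
    """Host part of a kadmin/<host>@REALM principal, else None."""
    name = service.partition("@")[0]
    primary, _, instance = name.partition("/")
    return instance if primary == "kadmin" and instance else None

if __name__ == "__main__":
    entry = parse_as_req(SAMPLE)
    print(entry)
    print("kadmin service host:", kadmin_host(entry["service"]))
```

The host returned by `kadmin_host` is the name to compare against the KDC's canonical fqdn, as the quoted reply advises.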