SUMMARY: Kerberos 5 SEAM W2K ADS question

From: Janis Lykakis <Janis.Lykakis_at_asa-ehv.ce.philips.com>
Date: Mon Jan 14 2002 - 03:12:05 EST

Hi all,

Don't know what happened to my first mail, but most of the text
was removed, let's try again:

Both Jeff Horwitz and Jason Heiss answered within hours.
Both answers were correct, so thank you very very much:

>that's an easy fix.  uncomment the following line in inetd.conf:
>
>100134/1  tli  rpc/ticotsord  wait  root  /usr/lib/krb5/ktkt_warnd  ktkt_warnd
>
>then kill -HUP inetd and the errors should go away.
>
>-jeff


>The SEAM pam_krb5 module wants to register your login with
>ktkt_warnd so that it can warn you when your ticket is about to
>expire.  You probably commented it out of inetd.conf.  You can
>either uncomment it or live with the warning.  :)
>
>Jason

--------------------------------------------------------------------
Original Question:

I have a Solaris 8 server. I installed SEAM on it.
We have a W2K Active Directory server.
The Solaris server also runs NIS.

I removed the passwd from the NIS passwd file:

user1:*:35000:4300:W2K test:/home/user1:/bin/csh

I configured krb5 (KDC = W2K server)

I configured PAM like this:
login   auth sufficient         /usr/lib/security/$ISA/pam_unix.so.1 debug
login   auth optional           /usr/lib/security/$ISA/pam_krb5.so.1 debug try_first_pass
rlogin  auth sufficient         /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin  auth sufficient         /usr/lib/security/$ISA/pam_unix.so.1
rlogin  auth optional           /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#
dtlogin auth sufficient         /usr/lib/security/$ISA/pam_unix.so.1
dtlogin auth optional           /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
#
rsh     auth sufficient         /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other   auth sufficient         /usr/lib/security/$ISA/pam_unix.so.1
other   auth optional           /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass

Next, from another machine I log on to the kerberized box:

rlogin server1 -l user1
Password: 
localhost: RPC: Program not registered
Last login: Fri Jan 11 15:35:04 from ......

klist shows that I have a tgt:
Ticket cache: /tmp/krb5cc_35000
Default principal: user1@blablabla

Valid starting                       Expires                       Service principal
Fri Jan 11 15:40:05 2002  Sat Jan 12 01:40:05 2002  krbtgt/blablabla@blablabla
        renew until Fri Jan 18 15:40:05 2002


(blablabla = default_realm)

What does the message:

localhost: RPC: Program not registered

mean? i.e. in this context?

Any help will be greatly appreciated.
--------------------------------------------------------------------

Janis Lykakis
------------------------------------------------------------
Janis Lykakis.      E-mail: janis.lykakis@asa-ehv.ce.philips.com
NCR Unix Consultant
Received on Tue Jan 22 17:57:43 2002
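
The diagnosis from both replies, as an added example that is not part of the original thread: a check that reports whether the ktkt_warnd entry (RPC program 100134) is enabled, commented out or missing in an inetd.conf file, and which services in a pam.conf file call pam_krb5. The function names and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print enabled | commented | missing for the ktkt_warnd entry (RPC 100134).
ktkt_warnd_state() {
    awk '
        $1 ~ /^100134\//              { active = 1 }     # live entry
        /^[ \t]*#[ \t]*100134\//      { commented = 1 }  # entry behind "#"
        END {
            if (active) print "enabled"
            else if (commented) print "commented"
            else print "missing"
        }' "$1"
}

# Print the services that have an uncommented pam_krb5 line, space separated.
krb5_pam_services() {
    awk '$1 !~ /^#/ && /pam_krb5\.so/ { print $1 }' "$1" |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Return 1 when pam_krb5 is in use but ktkt_warnd is not enabled in inetd.conf.
check_ktkt_warnd() {
    state=$(ktkt_warnd_state "$1")
    services=$(krb5_pam_services "$2")
    if [ -n "$services" ] && [ "$state" != enabled ]; then
        echo "WARN: ktkt_warnd is $state in inetd.conf; pam_krb5 logins" \
             "($services) will show 'RPC: Program not registered'"
        return 1
    fi
    echo "OK: ktkt_warnd is $state; pam_krb5 services: ${services:-none}"
}

# Constructed sample files modelled on the thread (not real system files).
tmp=$(mktemp -d)
printf '%s\n' \
    '#100134/1 tli rpc/ticotsord wait root /usr/lib/krb5/ktkt_warnd ktkt_warnd' \
    > "$tmp/inetd.conf"
printf '%s\n' \
    'login auth sufficient /usr/lib/security/$ISA/pam_unix.so.1' \
    'login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass' \
    '#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1' \
    > "$tmp/pam.conf"
check_ktkt_warnd "$tmp/inetd.conf" "$tmp/pam.conf" || true
```

On a real host the arguments would be /etc/inetd.conf and /etc/pam.conf; after uncommenting the entry, inetd still needs the HUP signal described in the first reply.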