From gmachado@cbpf.br Wed Nov 1 13:45:47 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id NAA03404 for ; Wed, 1 Nov 2000 13:45:47 -0500 (EST)
Received: from cbpfsu1.cat.cbpf.br by MIT.EDU with SMTP id AA22276; Wed, 1 Nov 00 13:29:58 EST
Received: from mesonka ([152.84.253.43]) by cat.cbpf.br (8.9.3/8.9.3) with SMTP id QAA11790 for ; Wed, 1 Nov 2000 16:14:34 -0200 (EDT)
Message-Id: <001601c04430$d45c1f60$2bfd5498@cat.cbpf.br>
Date: Wed, 1 Nov 2000 16:23:27 -0200
From: "Gustavo"
To:
Subject: KRB5_REALM_UNKNOWN: Cannot find KDC for requested realm

>Number: 900
>Category: pending
>Synopsis: Cannot find KDC for requested realm
>Confidential: yes
>Severity: non-critical
>Priority: low
>Responsible: gnats-admin
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 1 13:46:00 EST 2000
>Last-Modified: Thu Apr 4 17:23:53 EST 2002
>Originator: Gustavo Pinheiro Machado
>Organization: CBPF
>Release: 5-1.2.1
>Environment:
    Sun SPARCstation 4
    Solaris 2.8
System: Solaris 2.8 RISC
Machine:
>Description:
    Cannot find KDC for requested realm
>How-To-Repeat:

etc/krb5kdc.conf
------------------------------------------------------------------------
[libdefaults]
    ticket_lifetime = 600
    default_realm = CAT.CBPF.BR 
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[kdc]
    profile = /usr/local/var/krb5kdc/kdc.conf

[realms]
    CAT.CBPF.BR = {
        kdc = marte.cat.cbpf.br:88
        admin_server = marte.cat.cbpf.br:749
        default_domain = cat.cbpf.br
    }

[domain_realms]
    .cat.cbpf.br = CAT.CBPF.BR
    cat.cbpf.br = CAT.CBPF.BR

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE/var/log/krb5lib.log

    kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

        period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

        versions = 10
    }

[appdefaults]
    kinit = {
        renewable = true
        forwardable= true
    }
------------------------------------------------------------------------

/usr/local/var/krb5kdc/kdc.conf
------------------------------------------------------------------------
[kdcdefaults]
    kdc_ports = 749,88

[realms]
    CAT.CBPF.BR = {
        profile = /etc/krb5.conf
        database_name = /usr/local/var/krb5kdc/principal
        admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab
        acl_file = /usr/local/var/krb5kdc/kadm5.acl
        key_stash_file = /usr/local/var/krb5kdc/.k5.cat.cbpf.br
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des-cbc-crc
        supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
    }
------------------------------------------------------------------------

etc/services
------------------------------------------------------------------------
#ident "@(#)services 1.24 99/07/18 SMI" /* SVr4.0 1.8 */
#
# Network services, Internet style
#
tcpmux          1/tcp
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
daytime         13/tcp
daytime         13/udp
netstat         15/tcp
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp             21/tcp
telnet          23/tcp
smtp            25/tcp          mail
time            37/tcp          timserver
time            37/udp          timserver
name            42/udp          nameserver
whois           43/tcp          nicname         # usually to sri-nic
domain          53/udp
domain          53/tcp
bootps          67/udp                          # BOOTP/DHCP server
bootpc          68/udp                          # BOOTP/DHCP client
kerberos        88/udp          kdc             # Kerberos 5 KDC
kerberos        88/tcp          kdc             # Kerberos 5 KDC
hostnames       101/tcp         hostname        # usually to sri-nic
pop2            109/tcp         pop-2           # Post Office Protocol - V2
pop3            110/tcp                         # Post Office Protocol - Version 3
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind
imap            143/tcp         imap2           # Internet Mail Access Protocol v2
ldap            389/tcp                         # Lightweight Directory Access Protocol
ldap            389/udp                         # Lightweight Directory Access Protocol
ldaps           636/tcp                         # LDAP protocol over TLS/SSL (was sldap)
ldaps           636/udp                         # LDAP protocol over TLS/SSL (was sldap)
#
# Host specific functions
#
tftp            69/udp
rje             77/tcp
finger          79/tcp
link            87/tcp          ttylink
supdup          95/tcp
iso-tsap        102/tcp
x400            103/tcp                         # ISO Mail
x400-snd        104/tcp
csnet-ns        105/tcp
pop-2           109/tcp                         # Post Office
uucp-path       117/tcp
nntp            119/tcp         usenet          # Network News Transfer
ntp             123/tcp                         # Network Time Protocol
ntp             123/udp                         # Network Time Protocol
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp                         # NETBIOS Name Service
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp                         # NETBIOS Datagram Service
netbios-ssn     139/tcp                         # NETBIOS Session Service
netbios-ssn     139/udp                         # NETBIOS Session Service
NeWS            144/tcp         news            # Window System
slp             427/tcp         slp             # Service Location Protocol, V2
slp             427/udp         slp             # Service Location Protocol, V2
cvc_hostd       442/tcp                         # Network Console
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec            512/tcp
login           513/tcp
shell           514/tcp         cmd             # no passwords used
printer         515/tcp         spooler         # line printer spooler
courier         530/tcp         rpc             # experimental
uucp            540/tcp         uucpd           # uucp daemon
biff            512/udp         comsat
who             513/udp         whod
syslog          514/udp
talk            517/udp
route           520/udp         router routed
ripng           521/udp
klogin          543/tcp                         # Kerberos authenticated rlogin
kshell          544/tcp         krcmd           # Kerberos authenticated remote shell
ktelnet         545/tcp                         # Kerberized telnet
kftp-data       546/tcp                         # Kerberized ftp data
kftp            547/tcp                         # Kerberized ftp
new-rwho        550/udp         new-who         # experimental
rmonitor        560/udp         rmonitord       # experimental
monitor         561/udp                         # experimental
pcserver        600/tcp                         # ECD Integrated PC board srvr
kerberos-adm    749/tcp                         # Kerberos V5 Administration
kerberos-adm    749/udp                         # Kerberos V5 Administration
kerberos        750/udp         kdc             # Kerberos key server
kerberos        750/tcp         kdc             # Kerberos key server
krb5_prop       754/tcp                         # Kerberos V5 KDC propogation
kpasswd         761/tcp         kpwd            # Kerberos "passwd" -kfall
ufsd            1008/tcp        ufsd            # UFS-aware server
ufsd            1008/udp        ufsd
cvc             1495/tcp                        # Network Console
ingreslock      1524/tcp
www-ldap-gw     1760/tcp                        # HTTP to LDAP gateway
www-ldap-gw     1760/udp                        # HTTP to LDAP gateway
listen          2766/tcp                        # System V listener port
nfsd            2049/udp        nfs             # NFS server daemon (clts)
nfsd            2049/tcp        nfs             # NFS server daemon (cots)
eklogin         2105/tcp                        # Kerberos encrypted rlogin
lockd           4045/udp                        # NFS lock daemon/manager
lockd           4045/tcp
dtspc           6112/tcp                        # CDE subprocess control
fs              7100/tcp                        # Font server

## Kerberos
------------------------------------------------------------------------

etc/inetd.conf
------------------------------------------------------------------------
#
#pragma ident "@(#)inetd.conf 1.38 99/08/27 SMI" /* SVr4.0 1.5 */
#
#
# Configuration file for inetd(1M).  See inetd.conf(4).
#
# To re-configure the running inetd process, edit this file, then
# send the inetd process a SIGHUP.
#
# Syntax for socket-based Internet services:
#  <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
#
# Syntax for TLI-based Internet services:
#
#  <service_name> tli <proto> <flags> <user> <server_pathname> <args>
#
# Ftp and telnet are standard Internet services.
#
#ftp    stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
#telnet stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
telnet  stream  tcp     nowait  root    /usr/local/sbin/telnetd telnetd -a valid
#
# Tnamed serves the obsolete IEN-116 name server protocol.
#
#name   dgram   udp     wait    root    /usr/sbin/in.tnamed     in.tnamed
#
# Shell, login, exec, comsat and talk are BSD protocols.
#
#shell  stream  tcp6    nowait  root    /usr/sbin/in.rshd       in.rshd
#login  stream  tcp6    nowait  root    /usr/sbin/in.rlogind    in.rlogind
#exec   stream  tcp6    nowait  root    /usr/sbin/in.rexecd     in.rexecd
#comsat dgram   udp     wait    root    /usr/sbin/in.comsat     in.comsat
#talk   dgram   udp     wait    root    /usr/sbin/in.talkd      in.talkd
#
# Must run as root (to read /etc/shadow); "-n" turns off logging in utmp/wtmp.
#
uucp    stream  tcp     nowait  root    /usr/sbin/in.uucpd      in.uucpd
#
# Tftp service is provided primarily for booting.  Most sites run this
# only on machines acting as "boot servers."
#
#tftp   dgram   udp6    wait    root    /usr/sbin/in.tftpd      in.tftpd -s /tftpboot
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers."  Many sites choose to disable
# some or all of these services to improve security.
#
#finger stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
#systat stream  tcp     nowait  root    /usr/bin/ps             ps -ef
#netstat stream tcp     nowait  root    /usr/bin/netstat        netstat -f inet
#
# Time service is used for clock synchronization.
#
time    stream  tcp6    nowait  root    internal
time    dgram   udp6    wait    root    internal
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
#echo   stream  tcp6    nowait  root    internal
#echo   dgram   udp6    wait    root    internal
#discard stream tcp6    nowait  root    internal
#discard dgram  udp6    wait    root    internal
#daytime stream tcp6    nowait  root    internal
#daytime dgram  udp6    wait    root    internal
#chargen stream tcp6    nowait  root    internal
#chargen dgram  udp6    wait    root    internal
#
#
# RPC services syntax:
#  <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user> \
#  <pathname> <args>
#
# <endpoint-type> can be either "tli" or "stream" or "dgram".
# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
# <proto> can be either a nettype or a netid or a "*". The value is
# first treated as a nettype. If it is not a valid nettype then it is
# treated as a netid. The "*" is a short-hand way of saying all the
# transports supported by this system, ie. it equates to the "visible"
# nettype. The syntax for <proto> is:
# *|<nettype|netid>|<nettype|netid>{[,<nettype|netid>]}
# For example:
# dummy/1 tli rpc/circuit_v,udp wait root /tmp/test_svc test_svc
#
# Solstice system and network administration class agent server
#100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
#
# Rquotad supports UFS disk quotas for NFS clients
#
#rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad
#
# The rusers service gives out user information.  Sites concerned
# with security may choose to disable it.
#
#rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
#
# The spray server is used primarily for testing.
#
#sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.sprayd rpc.sprayd
#
# The rwall server allows others to post messages to users on this machine.
#
#walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
#
# Rstatd is used by programs such as perfmeter.
#
rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
#
# The rexd server provides only minimal authentication and is often not run
#
#rexd/1 tli rpc/tcp wait root /usr/sbin/rpc.rexd rpc.rexd
#
# rpc.cmsd is a data base daemon which manages calendar data backed
# by files in /var/spool/calendar
#
#
# Sun ToolTalk Database Server
#
#100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd
#
# UFS-aware service daemon
#
#ufsd/1 tli rpc/* wait root /usr/lib/fs/ufs/ufsd ufsd -p
#
# Sun KCMS Profile Server
#
100221/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server
#
# Sun Font Server
#
fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
#
# CacheFS Daemon
#
100235/1 tli rpc/tcp wait root /usr/lib/fs/cachefs/cachefsd cachefsd
#
# Kerberos V5 Warning Message Daemon
#
100134/1 tli rpc/ticotsord wait root /usr/lib/krb5/ktkt_warnd ktkt_warnd
# Limited Kerberos services
#
klogin    stream tcp nowait root /usr/local/sbin/klogind klogind -k -c
krb5_prop stream tcp nowait root /usr/local/sbin/kpropd kpropd
eklogin   stream tcp nowait root /usr/local/sbin/klogind klogind -k -c -e
kshell    stream tcp nowait root /usr/local/sbin/kshd kshd -k -c -A
#
# Print Protocol Adaptor - BSD listener
#
printer stream tcp6 nowait root /usr/lib/print/in.lpd in.lpd
#
# GSS Daemon
#
100234/1 tli rpc/ticotsord wait root /usr/lib/gss/gssd gssd
dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
#100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
------------------------------------------------------------------------

cd /usr/local/var/krb5kdc
# /usr/local/sbin/kadmin.local
Authenticating as principal root/admin@CAT.CBPF.BR with password.
kadmin.local:  listprincs
K/M@CAT.CBPF.BR
admin/admin@CAT.CBPF.BR
host/marte.cat.cbpf.br@CAT.CBPF.BR
kadmin/admin@CAT.CBPF.BR
kadmin/changepw@CAT.CBPF.BR
kadmin/history@CAT.CBPF.BR
krbtgt/CAT.CBPF.BR@CAT.CBPF.BR
kadmin.local:

kinit admin
Password for admin@cat.cbpf.br :
kinit: Cannot find KDC for requested realm while getting initial credentials
------------------------------------------------------------------------
>Fix:
    How do I correct this? What's wrong?
    How can I integrate NIS+ domain and Kerberos KDC? Here we have a NIS+ domain running on a Sun Ultra Enterprise Solaris 2.6 with almost 400 user accounts, hosts and services. We plan to use Kerberos as an authentication server for some apps. We don't need to type all 400 user accounts on Kerberos KDC. Is it ok? How can Kerberos read this information?

Thanks,

Gustavo

>Submitter-Id:
>Originator: Gustavo Pinheiro Machado
>Organization: CBPF
>Confidential: yes
> reply to: gmachado@imagelink.com.br
>Synopsis: Cannot find KDC for requested realm
>Severity: critical
>Priority: high
>Category: krb5
>Class:
>Release: 5-1.2.1
>Environment:
    Sun SPARCstation 4
    Solaris 2.8
System: Solaris 2.8 RISC
Machine:
>Description:
    Cannot find KDC for requested realm
>Audit-Trail:

State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Wed Jan 24 17:30:11 2001
State-Changed-Why:
This is likely due to a trailing space in the "default_realm" variable...

State-Changed-From-To: feedback-closed
State-Changed-By: hartmans
State-Changed-When: Thu Apr 4 17:23:41 2002
State-Changed-Why:
Bug unclear; probably user error
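
The diagnosis in the audit trail, as an added example (not part of the report and not MIT Kerberos code): a small Python linter that keeps each krb5.conf value exactly as written after the `=`, flags values that end in blanks, and reports a `default_realm` that then matches no `[realms]` entry with a `kdc`. It assumes, following tlyu's note, that the library uses the realm string verbatim; `parse_profile`, `walk`, `lint` and the reduced `SAMPLE` are names and input constructed here from the submitted file, where the space after `CAT.CBPF.BR` was sent as `=20` in the quoted-printable message.

```python
"""Lint a krb5.conf for the trailing-space failure suggested in the audit trail."""
import re

# Constructed sample, reduced from the [libdefaults] and [realms] sections of
# the report. The trailing space on default_realm is inside the string literal
# so that it is visible.
SAMPLE = "\n".join([
    "[libdefaults]",
    "    ticket_lifetime = 600",
    "    default_realm = CAT.CBPF.BR ",
    "[realms]",
    "    CAT.CBPF.BR = {",
    "        kdc = marte.cat.cbpf.br:88",
    "        admin_server = marte.cat.cbpf.br:749",
    "    }",
])


def parse_profile(text):
    """Return {section: {key: [(lineno, value), ...]}}.

    A value is the text after '=' with only leading blanks removed (trailing
    blanks are kept on purpose), or a dict for a '{ ... }' subsection.
    """
    tree = {}
    stack = []  # open containers, innermost last
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        section = re.fullmatch(r"\[([^\]]+)\]", stripped)
        if section:
            stack = [tree.setdefault(section.group(1), {})]
            continue
        if stripped == "}":
            if len(stack) > 1:
                stack.pop()
            continue
        if "=" not in line or not stack:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.lstrip(" \t")
        if value.strip() == "{":
            child = {}
            stack[-1].setdefault(key, []).append((lineno, child))
            stack.append(child)
        else:
            stack[-1].setdefault(key, []).append((lineno, value))
    return tree


def walk(container, path):
    """Yield (lineno, path, value) for every string value under container."""
    for key, entries in container.items():
        for lineno, value in entries:
            if isinstance(value, dict):
                yield from walk(value, path + (key,))
            else:
                yield lineno, path + (key,), value


def lint(text):
    """Return a list of (lineno, rule, path, raw_value) findings."""
    tree = parse_profile(text)
    findings = []
    for section, container in tree.items():
        for lineno, path, value in walk(container, (section,)):
            if value != value.rstrip():
                findings.append((lineno, "trailing-whitespace", "/".join(path), value))
    realms = tree.get("realms", {})
    for lineno, realm in tree.get("libdefaults", {}).get("default_realm", []):
        if isinstance(realm, dict):
            continue
        # Assumption: the realm name is compared verbatim, blanks included.
        blocks = [v for _, v in realms.get(realm, []) if isinstance(v, dict)]
        if not any("kdc" in block for block in blocks):
            findings.append((lineno, "no-kdc-for-default-realm",
                             "libdefaults/default_realm", realm))
    return findings


if __name__ == "__main__":
    for lineno, rule, path, raw in lint(SAMPLE):
        print(f"line {lineno}: {rule}: {path} = {raw!r}")
```

Printing the value with `repr` is what makes the stray blank visible; removing it from the `default_realm` line clears both findings.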