FOLLOWUP: New SEAM/Kerberos error since patching

From: Debbie Tropiano (debbie@icus.com)
Date: Mon Jul 12 2004 - 14:32:22 EDT

• Next message: jrothenanger@web.de: "Warning message at boot time"
• Previous message: bkc777@comcast.net: "SunCluster Question"
• In reply to: Debbie Tropiano: "New SEAM/Kerberos error since patching"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Folks -

Well, we installed that patch (112908-13) and while it did fix the
problems noted in the patch report on sunsolve, it did nothing to
fix our sudo problem. I also contacted sun online support and they
were unable to help since OpenSSH, OpenSSL and sudo are all open
source utilities (even tho' Sun does not provide kerberized versions
of these utilities yet).

So we still have the problem and are still looking for a solution.

Debbie

My original message:
> We applied a bunch of Solaris 9 patches last week including
> 112908-12 which seems to have some unfortunate side effects.
> We've hit one mentioned in the 112908-13 patch report and
> are wondering about another SEAM/Kerberos problem we've seen.
>
> Starting this weekend (after those patches were applied), some
> but not all users we're now getting the error in the kdc log file:
>
> Jul 04 00:37:07 draco krb5kdc[569](info): AS_REQ 10.1.6.1(88): CLIENT_NOT_FOUND:
> sshd@MSN for krbtgt/MSN@MSN, Client not found in Kerberos database
>
> when they try to use sudo. There is (and shouldn't be) an sshd principal.
>
> (Note: To work properly with SEAM/Kerberos and PAM, we're using sudo 1.6.7
> as well as OpenSSH 3.8p1 and OpenSSL 0.9.7d.)
>
> Could this also be a side effect of that bad patch? Has anyone else
> seen this type of thing before? What's weird is that myself and some
> others can run sudo just fine while other users (with the same setup
> -- /etc/profile) cannot do so.

-- 
+ Debbie Tropiano -- debbie@icus.com -- http://www.icus.com/personal.html  +
| Mommy to   Nathan b: 8/17/1995,   ^Sara^ b: 10/25/2000 d: 11/7/2000   &  |
| Leah b: 10/17/2001 a: 9/26/2002 "God shows His opposition to cancer and  |
| birth defects, not by eliminating them or making them happen only to bad |
| people (He can't do that), but by summoning forth friends and neighbors  |
+ to ease the burden and to fill the emptiness."     -- Harold S. Kushner  +
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: jrothenanger@web.de: "Warning message at boot time"
• Previous message: bkc777@comcast.net: "SunCluster Question"
• In reply to: Debbie Tropiano: "New SEAM/Kerberos error since patching"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:29:04 EDT