SUMMARY: SEAM, pam_krb5.so.1 and failover

From: Heilke, Rainer (Rainer.Heilke@atcoitek.com)
Date: Wed Apr 16 2003 - 15:52:58 EDT


> -----Original Message-----
> From: Houle, Michael
> Sent: Wednesday, April 16, 2003 1:52 PM
> To: Heilke, Rainer
> Subject: SUMMARY: SEAM, pam_krb5.so.1 and failover
>
> Sorry folks,
>
> I had a hole in my head. The library is contacting both KDCs, but
> somehow it doesn't seem to like the answer. If I get an answer later
> on, I can post another summary.
>
> Thanks,
> Mike.
>
> -----Original Message-----
> From: Houle, Michael
> Sent: Tuesday, April 15, 2003 3:17 PM
> To: 'sunmanagers@sunmanagers.org'
> Subject: SEAM, pam_krb5.so.1 and failover
>
> Hi Sun managers,
>
> Anyone heard of this problem with SEAM's pam_krb5.so.1 under Solaris 8?
>
> pam_krb5.so.1 doesn't seem to query more than 1 KDC before giving up.
>
> We're doing some fail-over testing and we've noticed that when we
> shut down our primary KDC, pam_krb5.so.1 will not allow users to log
> in. Our Linux boxes work just fine, so we know that the secondary KDC
> has good data and works.
>
> If we temporarily reverse the order of our kdc lines, we can
> authenticate to our slave KDC just fine under Solaris.
>
> Our krb5.conf is:
>
> [libdefaults]
> clockskew = 5
> ticket_lifetime = 600
> default_realm = TEST.CA
> default_tkt_enctypes = des-cbc-crc
> default_tgs_enctypes = des-cbc-crc
>
> [realms]
> TEST.CA = {
>     kdc = kerberos.test.ca:88
>     kdc = kerberos-1.test.ca:88
>     admin_server = kerberos.test.ca:749
>     kpasswd_protocol = SET_CHANGE
>     default_domain = test.ca
> }
>
> [domain_realm]
> .test.ca = TEST.CA
> test.ca = TEST.CA
>
> [appdefaults]
> kinit = {
>     renewable = false
>     forwardable = true
> }
>
> List steps to reproduce problem (if applicable):
> 1. Shut down primary KDC (kerberos.test.ca).
> 2. Try to telnet to box and enter password.
>
> Authentication fails. When the primary KDC is back online,
> authentication succeeds.
>
> Thanks, and I will post a summary as soon as I can.
> Mike.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
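
Added example, not part of the original thread and not SEAM code: a small check for this kind of failover test that reads the kdc lines for a realm in krb5.conf order and probes each KDC independently. The sample config is constructed from the one posted above; the function names are hypothetical, and the default probe assumes the KDCs accept TCP on the listed port (it shows reachability only, not whether the client accepts the KDC's answer).

```python
import re
import socket

# Constructed sample mirroring the [realms] layout posted in the thread.
SAMPLE_CONF = """\
[libdefaults]
default_realm = TEST.CA

[realms]
TEST.CA = {
    kdc = kerberos.test.ca:88
    kdc = kerberos-1.test.ca:88
    admin_server = kerberos.test.ca:749
}
"""

def kdcs_for_realm(conf_text, realm):
    """Return (host, port) pairs for `realm`, in the order krb5.conf lists them."""
    kdcs, section, current = [], None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, current = line[1:-1].strip().lower(), None
        elif section == "realms":
            if line.endswith("{"):               # "REALM = {" opens a realm block
                current = line.split("=", 1)[0].strip()
            elif line.startswith("}"):
                current = None
            elif current == realm:
                m = re.match(r"kdc\s*=\s*(\S+)$", line)
                if m:
                    host, _, port = m.group(1).partition(":")
                    kdcs.append((host, int(port) if port else 88))
    return kdcs

def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection succeeds (assumption: the KDC listens on TCP)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def failover_report(conf_text, realm, probe=tcp_probe):
    """Probe every listed KDC rather than stopping at the first failure."""
    results = [(h, p, probe(h, p)) for h, p in kdcs_for_realm(conf_text, realm)]
    first_up = next((f"{h}:{p}" for h, p, ok in results if ok), None)
    return results, first_up
```

Run `failover_report(open("/etc/krb5/krb5.conf").read(), "TEST.CA")` on the client with the primary KDC stopped; if the second entry reports reachable while logins still fail, the problem lies in how the reply is handled rather than in connectivity.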


