kerberos authent

[vgaudin]

when I use the ommergekeys /root/scalix-ual.keytab
on an suse 9.3 pro to setup the single sign-on

the command give me a strange ktutil prompt lookling like ktutil :

what is wrong ?

[ScalixSupport]

Hello,

Sorry for the delay in responding to your post. This problem might have something to do with the fact that Scalix (prior to 9.4.2) only supports SuSE 9.3 Pro for eval purposes only. That is, most functionality should work, but no official testing was done by Scalix.

Can you tell me how you created the keytab, and what version of kerberos is installed?

rpm -qa | grep heimdal

Regards,

Matthew
Support

[vgaudin]

ok no pb foir the delay.

I have done exactly like the chapter 18 of the administration guide.windows 2000 ressource kit using ktpass command.

the file has been transfered by ftp on the linux server.

but the command ommerkeys /root/scalix-ualm.keytab
return
ktutil:

the rpm -qa |grep heimdal give me nothing.

searching on the yast control center for an package containing "heimdal" but nothing ???

[vgaudin]

ok somes progress :

before the problem I was unsing the :
krb5
krb5-apps-clients
krb5-apps-servers
krb5-client
krb5-devel
krb5-devel-static
krb5-doc
krb5-server
krbafs
pam_krb5

but look on your answer and I have downloaded heimal source and compile it.

and it's okay ..

so ..
could it work with the default suse package ?

[ScalixSupport]

So, just to be clear, have you successfully run ommergekeys?

It probably should/could work with the default krb5 implementation, but I notice that you are indeed missing "krb5-libs".

Regards,

Matthew
Support

[florian]

the problem might also be on our side.... suse professional versions before 9.3 used the Heimdal Kerberos implementation while SuSE Pro 9.3 uses MIT, which is the same as RedHat.

I haven't had time to try this, but it might be that the ommergekeys command - which is actually a script - detects the system to be SuSE and uses Heimdal syntax, but should actually rather behave like on a RedHat system - which uses MIT Kerberos.

Maybe, for the time being, could you check what the ommergekeys script does yourself (same for omkrbconf, btw.), and make sure that the same commands that wouidl be executed for a RedHat system get executed?

Any results on your side appreciated.

We will also investigate into this one and open this as a bug internally.

Thanks,
Florian.

[vgaudin]

that's right .
the ktutil used by the default kerberos packages of the SuSe 9.3 pro are not the same that the compiled heimdal.
and the parameters command are differents.
so
I have done a modification on the ommergekeys script to force the SuSe-release on a redhat platform

like :

if
..
elif [ -e /etc/SuSE-release ]; then
platform=redhat

and .... that's okay.

I test all the procedure and give you a feedback

[florian]

thanks!

florian.

[jch]

That's odd, I can't find anything about a platform variable in my version of ommergekeys. Still, it's early in the morning so I'm easily fooled.

There should be a release note coming out to this effect, but the workaround to make ommergekeys and whatnot work properly is to install krb5-server. You don't need to configure it or anything, just install it and then ommergekeys and whatnot will correctly detect that you're running MIT kerberos.

jch

[vgaudin]

heheh jch take a coffee ;)

so what is this code :


test for redhat releases
if [ -e /etc/redhat-release ]; then
platform=redhat
elif [ -e /etc/SuSE-release ]; then
platform=redhat
else
echo "This script can only be run on Redhat Linux or SuSE Linux"
exit 1;
fi

take a look of my big midification of the script an

in the script omkrbinstall it was a litle more complex and I have to modify the Os detection but also the services running script.

[markd]

The code in that part of the script changed in the last patch (9.2.1.27 and 9.4). Which is why jch did not see the platform code.