HP CIFS Server and Kerberos
krb5_rd_req(ATCUX5$@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(host/atcux5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(host/ATCUX5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(host/atcux5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(host/ATCUX5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(HOST/atcux5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(HOST/ATCUX5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(HOST/atcux5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 0] libads/kerberos_verify.c:ads_keytab_verify_ticket(113)
krb5_rd_req(HOST/ATCUX5@HPATC2003.HP.COM) failed: Wrong principal in request
[2005/01/19 13:32:02, 10] libads/kerberos_verify.c:ads_keytab_verify_ticket(115)
krb5_rd_req succeeded for principal cifs/atcux5@HPATC2003.HP.COM
In this example, the HP CIFS Server can authorize the Windows client to access the server share,
using Kerberos in the Windows domain and the keytab file on the HP CIFS Server. However, an HP-UX
Internet Services user cannot gain system access using Kerberos with the system in this state.
5.1.1 Kerberos modifications for INET Services
HP-UX Internet Services users cannot use system Kerberos libraries to access system resources
because of a mismatch in Kerberos libraries on the system. Although the system Kerberos libraries
were updated to version 1.3.5 for this configuration, the Internet Services suite utilizes its own
Kerberos library set that is delivered with the product. This library set is obsolete, and does
not recognize the WRFILE attribute in the /etc/krb5.conf file as a valid attribute. Therefore, the
default_keytab_name parameter is invalid, and the INET Services application cannot find the Kerberos
keytab file to access the secret key for decrypting.
To modify this configuration for HP-UX Internet Services interoperation, the /etc/krb5.conf file must
be edited to remove the WRFILE attribute. This does not affect HP CIFS Server authentication,
because the krb5.conf default_keytab_name parameter is only used by HP CIFS Server for the
creation of the /etc/krb5.keytab file.
/etc/krb5.conf for HP-UX Internet Services and HP CIFS Server
[libdefaults]
default_realm = HPATC2003.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
# DELETE or COMMENT OUT the following line
default_keytab_name = "WRFILE:/etc/krb5.keytab"
[realms]
HPATC2003.HP.COM = {
    kdc = HPATCWIN2K4.HPATC2003.HP.COM:88
    admin_server = HPATCWIN2K4.HPATC2003.HP.COM
}
[domain_realm]
.hp.com = HPATC2003.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
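
A check for the edit described above, written as an added example that is not part of the HP paper: it reports whether the active default_keytab_name in [libdefaults] carries the WRFILE: prefix and prints a copy of the file with that line commented out. The function names and the sample file are constructed for illustration, and the script assumes a POSIX shell with awk and mktemp.

```shell
#!/bin/sh
# Added example, not from the HP paper. Function names are illustrative.

# keytab_setting FILE: print the active default_keytab_name value from
# [libdefaults]; lines already commented out with # or ; are ignored.
keytab_setting() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_keytab_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/"/, ""); sub(/[ \t]+$/, "")
            print
        }
    ' "$1"
}

# uses_wrfile FILE: succeed when the active setting starts with WRFILE:
uses_wrfile() {
    case "$(keytab_setting "$1")" in
        WRFILE:*) return 0 ;;
        *) return 1 ;;
    esac
}

# comment_out_wrfile FILE: write FILE to stdout with the WRFILE line
# commented out; every other line is passed through unchanged.
comment_out_wrfile() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/) }
        in_lib && /^[ \t]*default_keytab_name[ \t]*=[ \t]*"?WRFILE:/ {
            print "# " $0; next
        }
        { print }
    ' "$1"
}

# Constructed sample modelled on the [libdefaults] section shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
default_realm = HPATC2003.HP.COM
default_keytab_name = "WRFILE:/etc/krb5.keytab"
[realms]
EOF
if uses_wrfile "$sample"; then
    echo "WRFILE keytab setting found: $(keytab_setting "$sample")"
    comment_out_wrfile "$sample"
fi
rm -f "$sample"
```

Review the output of comment_out_wrfile and keep a backup of the original /etc/krb5.conf before replacing it.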