
Conference irocz::terminal_servers

Title: Terminal Servers
Notice: See Note 2 for Directory of important notes. Please use keywords.
Moderator: LAVC::CAHILLON
Created: Tue May 14 1991
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 3547
Total number of notes: 12300

3540.0. "KERBEROS SECURITY PROBLEM" by TKTV20::TAKAHASI () Tue May 27 1997 10:50

Hello,

A customer (an Internet provider) asked me a question about Kerberos security 
for the DECServer90M.

The customer has two DECServer90Ms.

Until last week, those machines worked using Kerberos security.
After changing one DECserver90M because of hardware trouble, the customer set up 
Kerberos security again, but cannot set it up and gets the following message.
How should I set up Kerberos security for both DECserver90Ms? 
Please teach me how to set up Kerberos security on the DECServer90.

Error message:

local> CHANGE KERBEROS DEFAULT REALM FOCUS.OR.JP
Local -463- Only one default security server realm allowed
local>


Information:

The following log is the result of 'SHOW KERBEROS' on the DECserver90M that 
cannot be set up. 


local>SHOW KERBEROS
Retransmit Interval:           00:00:02     Retransmit Timeout:    00:00:08
Ticket service port:                750     Password Service Port:        751

Default Realm:            REALMNAME            
  Secret:                 (None)       
  Master Host:            mailgate.focus.or.jp
  Authorization Defaults:              
    Access:               (None)            Forced Callback: DISABLED   
    Max Connect:          (None)            Dialout Service: (None)     
    Dialback Number:      (None)       
    Dialout Number:       (None)       
    Permissions:          NODIALBACK, NODIALOUT, LAT, TELNET, SLIP, PPP, NOPRIV


Realm:                    FOCUS.OR.JP          
  Secret:                 (None)       
  Authorization Defaults:              
    Access:               (None)            Forced Callback: DISABLED   
    Max Connect:          (None)            Dialout Service: (None)     
    Dialback Number:      (None)       
    Dialout Number:       (None)       
    Permissions:          NODIALBACK, NODIALOUT, LAT, TELNET, SLIP, PPP, PRIV


Local>


The following log is the result of 'SHOW KERBEROS' on the DECserver90M that 
is set up correctly. 


Local> SHOW KERBEROS
Lifetime:          0 08:00:00     Retransmit Timeout:          0 00:00:08
Ticket service port:      750     Password service port:              751

Default Realm:          FOCUS.OR.JP                              
 Secret:                  (None)
 Domain:                  FOCUS.OR.JP  (Implied)

 Master Host:             mailgate.focus.or.jp

Local>

Best Regards.
Thanks.
Takahasi kc2/csc/mcs

3540.1. "Easily solved." by IROCZ::D_NELSON (Dave Nelson LKG1-3/A11 226-5358) Tue May 27 1997 13:29 (50 lines)

RE: .0

> local> CHANGE KERBEROS DEFAULT REALM FOCUS.OR.JP
> Local -463- Only one default security server realm allowed

What you need to do in this case is:

	CHANGE KERBEROS NODEFAULT REALM REALMNAME 
	CHANGE KERBEROS DEFAULT REALM FOCUS.OR.JP

The default property on realms must be explicitly removed.  This is to prevent
mistakes.  To change default realms un-do the old one, then do the new one.

>local>SHOW KERBEROS
>Retransmit Interval:           00:00:02     Retransmit Timeout:    00:00:08
>Ticket service port:                750     Password Service Port:        751
>
>Default Realm:            REALMNAME            
>  Secret:                 (None)       
>  Master Host:            mailgate.focus.or.jp
>  Authorization Defaults:              
>    Access:               (None)            Forced Callback: DISABLED   
>    Max Connect:          (None)            Dialout Service: (None)     
>    Dialback Number:      (None)       
>    Dialout Number:       (None)       
>    Permissions:          NODIALBACK, NODIALOUT, LAT, TELNET, SLIP, PPP, NOPRIV

Is this a valid realm?  The name REALMNAME looks odd, like some example text.

>Realm:                    FOCUS.OR.JP          
>  Secret:                 (None)       
>  Authorization Defaults:              
>    Access:               (None)            Forced Callback: DISABLED   
>    Max Connect:          (None)            Dialout Service: (None)     
>    Dialback Number:      (None)       
>    Dialout Number:       (None)       
>    Permissions:          NODIALBACK, NODIALOUT, LAT, TELNET, SLIP, PPP, PRIV

This realm (the one I suspect you want) has no host nor is it default.  I'd
guess someone typed the following two commands:

  CHANGE KERBEROS REALM FOCUS.OR.JP
  CHANGE KERBEROS DEFAULT REALM REALMNAME MASTER HOST mailgate.focus.or.jp 

Where REALMNAME in the second command should have been FOCUS.OR.JP.

Regards,

Dave
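
The check Dave does by eye in reply .1 can be run over captured SHOW KERBEROS output. The following is an added example, not part of the original notes and not DEC code: the function names and the trimmed sample text are constructed here, and the parser assumes the display layout shown in note .0.

```python
import re

# Constructed sample: the SHOW KERBEROS output from note .0, trimmed to the
# lines the parser reads.
SAMPLE = """\
Default Realm:            REALMNAME
  Secret:                 (None)
  Master Host:            mailgate.focus.or.jp
Realm:                    FOCUS.OR.JP
  Secret:                 (None)
  Authorization Defaults:
"""

REALM_RE = re.compile(r"^\s*(Default\s+)?Realm:\s*(\S+)", re.I)
HOST_RE = re.compile(r"^\s*Master Host:\s*(\S+)", re.I)

def parse_realms(text):
    """Return one dict per realm block: name, default flag, master host."""
    realms = []
    for line in text.splitlines():
        m = REALM_RE.match(line)
        if m:
            realms.append({"name": m.group(2), "default": bool(m.group(1)),
                           "master_host": None})
        elif realms and (h := HOST_RE.match(line)):
            # A Master Host line belongs to the most recent realm header.
            realms[-1]["master_host"] = h.group(1)
    return realms

def audit(text, expected):
    """List mismatches between the display and the intended default realm."""
    realms = parse_realms(text)
    findings = []
    for r in realms:
        if r["default"] and r["name"].upper() != expected.upper():
            # Per reply .1, the old default must be removed explicitly first.
            findings.append(f"unexpected default realm {r['name']}: "
                            f"CHANGE KERBEROS NODEFAULT REALM {r['name']}")
    want = next((r for r in realms if r["name"].upper() == expected.upper()), None)
    if want is None:
        findings.append(f"realm {expected} is not defined")
    else:
        if not want["default"]:
            findings.append(f"{expected} is not default: "
                            f"CHANGE KERBEROS DEFAULT REALM {expected}")
        if want["master_host"] is None:
            findings.append(f"{expected} has no master host")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "FOCUS.OR.JP"):
        print(finding)
```

Run against the output of the working server in note .0, the same audit returns no findings.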