AFP548

Kerberos sso_util configure

Hi everybody,

I'm trying to set up Kerberos single sign-on on my 10.4 server. I've been trying to do things as suggested in https://www.afp548.com/articles/Panther/kerberos2.html (which has been extremely helpful!). Everything seems to work perfectly up until the line:

sudo sso_util configure -r REALM -a admin_name [-p password] service

I get the following:

******************************************************
Contacting the directory server
Creating the service list
Creating the service principals
WARNING: no policy specified for xgrid/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for vpn/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for ipp/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for XMPP/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for host/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for smtp/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for http/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for pop/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for imap/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for ftp/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for afpserver/@INDRA.UOREGON.EDU; defaulting to no policy
Creating the keytab file
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
Configuring services
WriteSetupFile: setup file path = /temp.fgf2/setup
Unable to configure service http error = 2
Cleaning up
****************************************************

One thing that I notice is that these service principal names are along the lines of xgrid/@INDRA.UOREGON.EDU, but I think they should be more like xgrid/indra.uoregon.edu@INDRA.UOREGON.EDU after seeing a healthy system. I don't know why it's doing this. Should the admin_name be the OpenDirectory admin?

I am able to use kadmin, I can get a ticket with kinit and view it with klist. The little graphical Kerberos utility shows my tickets, and it all seems pretty happy. The thing is I can't do ssh without being asked for a password, xgrid won't accept the Kerberos SSO (which is really what I'm after here), and basically nothing useful seems to work even though I'm getting tickets. I'm pretty sure it comes down to this sso_util command, and that the service principals aren't being created properly, but I have no clue what to do about it. Does anybody know how to get this to work?

Thanks!

--Cooper
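
The following is an added example, not part of the original post: a small Python check that reads sso_util output like the log above, splits each principal into service, host and realm, and flags the ones whose host part is empty (the xgrid/@REALM pattern the post points out) along with a count of keytab write errors. The function names and the sample text are constructed for illustration; the sample is abbreviated from the quoted output, with one healthy-looking line added.

```python
import re

# Constructed sample: abbreviated from the output quoted in the post, plus one
# healthy-looking principal (service/host@REALM) added for contrast.
SAMPLE_OUTPUT = """\
Creating the service principals
WARNING: no policy specified for xgrid/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for host/@INDRA.UOREGON.EDU; defaulting to no policy
WARNING: no policy specified for afpserver/indra.uoregon.edu@INDRA.UOREGON.EDU; defaulting to no policy
Creating the keytab file
kadmin: Error writing to key table while adding key to keytab
kadmin: Error writing to key table while adding key to keytab
"""

PRINCIPAL_LINE = re.compile(r"no policy specified for (\S+?); defaulting")
KEYTAB_ERROR = "Error writing to key table"


def split_principal(principal):
    """Split 'service/host@REALM' into (service, host, realm); absent parts are ''."""
    if "@" in principal:
        name, realm = principal.rsplit("@", 1)
    else:
        name, realm = principal, ""
    service, _, host = name.partition("/")
    return service, host, realm


def audit(output):
    """Sort the principals named in sso_util output by whether a host is present."""
    report = {"ok": [], "missing_host": [], "keytab_errors": 0}
    for line in output.splitlines():
        if KEYTAB_ERROR in line:
            report["keytab_errors"] += 1
            continue
        match = PRINCIPAL_LINE.search(line)
        if not match:
            continue
        principal = match.group(1)
        _service, host, _realm = split_principal(principal)
        report["ok" if host else "missing_host"].append(principal)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_OUTPUT)
    for principal in result["missing_host"]:
        print("no host component:", principal)
    print("keytab write errors:", result["keytab_errors"])
```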