Upgrading From Solaris 8 Operating Environment Might Create Redundant Kerberos Privacy Mechanisms (4672740) (Solaris 9 4/03 Release Notes)

Solaris 9 4/03 Release Notes

Previous: SPARC: Removal of SUNWjxcft Package Records Error During Upgrade (4525236)
Next: Upgrading to Solaris 9 4/03 Operating Environment Might Disable Existing Secure Shell Daemon (sshd) (4626093)

Upgrading From Solaris 8 Operating Environment Might Create Redundant Kerberos Privacy Mechanisms (4672740)

In the Solaris 9 4/03 operating environment, the Kerberos version 5 global mechanism includes privacy support. Therefore, the Kerberos domestic mechanism is not needed. If you installed the Kerberos domestic mechanism that is located in /usr/lib/gss/do/mech_krb.so.1 on a Solaris 8 system, remove the Kerberos domestic mechanism, then upgrade the system to the Solaris 9 4/03 operating environment.

Workaround: Follow these steps before you upgrade to the Solaris 9 4/03 operating environment.

Type the following command to determine if the Kerberos domestic mechanism is installed on the system.
% pkginfo | fgrep ' SUNWk5'
- If the output of this command includes any SUNWk5 package names, the Kerberos domestic mechanism is installed on the system. Go to step 2.
- If the output does not include any SUNWk5 package names, the Kerberos domestic mechanism is not installed on the system. Skip the rest of these steps. Upgrade the system.
Back up the /etc/nfssec.conf and /etc/gss/qop files by typing the following command.
% tar -cf /var/tmp/krb_config_files.tar /etc/nfssec.conf /etc/gss/qop
Verify that the files are backed up by typing the following command.
% tar -tf /var/tmp/krb_config_files.tar
Remove each package that is listed in the output of step 1.
% pkgrm package-name package-name package-name
Upgrade to the Solaris 9 4/03 operating environment.

The upgrade program updates the global Kerberos mechanism code and enables Kerberos privacy support.
In a text editor, change the following lines in the /etc/gss/mech file.
- Uncomment the following line.
  kerberos_v5 1.2.840.113554.1.2.2 gl/mech_krb5.so gl_kmech_krb5
  If necessary, add the previous line to the /etc/gss/mech file.
- Remove the following line.
  kerberos_v5 1.2.840.113554.1.2.2 do/mech_krb5.so do_kmech_krb5
- Restore the /etc/nfssec.conf and /etc/gss/qop files by typing the following command.
  % tar -xf /var/tmp/krb_config_files.tar