System Info:
SunOS mercury 5.8 Generic_108528-09 sun4u sparc SUNW,Sun-Fire-280R
gcc 2.95.3
Kerberos 5 v1.2.2
I am installing Kerberos 5 v1.2.2 on Solaris, and am running into a bit of
trouble. Following the instructions in ./docs/install.html, everything goes
fine until this step:
Create Host Keys for the Slave KDCs
Each KDC needs a host principal in the Kerberos database. You can enter
these from any host, once the kadmind daemon is running. For example, if
your master KDC were called kerberos.mit.edu, and you had two KDC slaves
named kerberos-1.mit.edu and kerberos-2.mit.edu, you would type the
following:
shell% /usr/local/sbin/kadmin
Instead of working, I get this error message back from kadmin:
bash-2.03# /usr/local/sbin/kadminAuthenticating as principal
[EMAIL PROTECTED] with password.kadmin: Required parameters
in kdc.conf missing while initializing kadmin interface
I have reviewed the docs regarding kdc.conf, and ours seems fine.Since I
just copied & pasted the samplekdc.conf, and modified it to our site, I
wouldn't think anything is missing. Here is our kdc.conf, located in
/usr/local/var/krb5kdc/kdc.conf (this is where itwas installed by default):
[kdcdefaults] kdc_ports = 88,750
[realms] ATHENA.MACALESTER.EDU = { database_name =
/usr/local/var/krb5kdc/principal admin_keytab =
/usr/local/var/krb5kdc/kadm5.keytab acl_file =
/usr/local/var/krb5kdc/kadm5.acl dict_file =
/usr/local/var/krb5kdc/kadm5.dict key_stash_file =
/usr/local/var/krb5kdc/.k5.ATHENA.MACALESTER.EDU kadmind_port = 749
max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1 supported_enctypes =
des3-hmac-sha1:normal des-cbc-crc:normal }
So what's the problem? As I said, all of the previous steps in the
install.htmlfile worked without a problem. Also, kinit comes back with this
error:
bash-2.03# /usr/local/bin/kinitkinit(v5): Cannot resolve network address for
KDC in requested realm while getting initial credentials
Now, I don't know why it wouldn't be able to resolve something. DNS is
configuredcorrectly on the machine, and there is a CNAME DNS entry for
kerberos.macalester.eduwhich points to the machine. Here is my
/etc/krb5.conf:
bash-2.03# cat /etc/krb5.conf [libdefaults] ticket_lifetime = 600
default_realm = ATHENA.MACALESTER.EDU default_tkt_enctypes =
des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1
des-cbc-crc
[realms] MACALESTER.EDU = { kdc = kerberos.macalester.edu:88
kdc = kerberos-1.macalester.edu:88 admin_server =
kerberos.macalester.edu:749 default_domain = macalester.edu }
[domain_realm] .macalester.edu = ATHENA.MACALESTER.EDU macalester.edu
= ATHENA.MACALESTER.EDU
[logging] kdc = FILE:/var/log/krb5kdc.log admin_server =
FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log
Again, this is just the default sample file, modified for our site.
I have checked /var/log/kadmin.log and krb5kdc.log. There are no errors,and
Kerberos is listening on the right interface.
Any ideas?
Thanks in advance,Ted FinesMacalester College
______________________________________________________________________________
Posted Via Binaries.net = SPEED+RETENTION+COMPLETION = http://www.binaries.net
