Hi, I'm new to Kerberos and have some issues.
I'm running Heimdal Kerberos on Debian and have successfully got
a KDC and client working with a PAM module for initial login. However
I'm having problems with several other things.
1. User 'tester' has a ~/.k5login which contains 'userA'
When 'userA' types 'kinit' to get credentials, then types 'ksu
tester'
it is prompted with tester's password (thought it would not have
needed this) When providing tester's password, Kerberos gives the
following error:
ksu: krb5_verify_user: No such entry in the database
2. On the client machine I want to do some basic administration. The
kadmind
service is running in /etc/inetd.conf and TCP wrappers allows
incoming
requests. Simply typing kadmin, I then type list * for a list of
accounts.
and get the following error message:
kadmin> list *
kadmin: get *: Operation requires `get' privilege On the server
my /var/lib/heimdal-kdc/kdc.conf has the acl file called
kadmind.acl . This file did not exist so I created it then added
the
following entry:
*/[EMAIL PROTECTED] *
3. Lastly, I'm not entirely sure about /etc/krb5.keytab and
/etc/srvtab. From my understanding /etc/srvtab is used only for
Kerberos IV.
Is /etc/krb5.keytab only supposed to contain principle entries, not
normal
accounts?
For example, to create a user account I do
kadmin> add userA
And to add a principle account I do
kadmin> add -r host/hostname
kadmin> ext_keytab When trying to do some remote
administration on another machine, it
complained about a non-existing /etc/krb5.keytab . This file only
exists on
my KDC. Should it exist on all machiens where remote administration
is
required as well? Looking forward to some answers.
Regards, Craig
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
