I need some help installing kerberos. Any help greatly appreciated. I am using debian woody.
I installed the debian binaries (1.2.4) using apt-get

ii  krb5-admin-ser 1.2.4-5woody4 Mit Kerberos master server (kadmind)
ii  krb5-clients   1.2.4-5woody4 Secure replacements for ftp, telnet and rsh
ii  krb5-config    1.4           Configuration files for Kerberos Version 5
ii  krb5-doc       1.2.4-5woody4 Documentation for krb5
ii  krb5-kdc       1.2.4-5woody4 Mit Kerberos key server (KDC)
ii  krb5-user      1.2.4-5woody4 Basic programs to authenticate using MIT Ker
ii  libkrb5-dev    1.2.4-5woody4 Headers and development libraries for MIT Ke
ii  libkrb53       1.2.4-5woody4 MIT Kerberos runtime libraries

and followed the directions on the install page:
http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/install_toc.html

---------------------------------/etc/krb5.conf -----------------------
[libdefaults]
        default_realm = MYDOMAIN.COM
        ticket_lifetime = 600
# The following krb5.conf variables are only for MIT Kerberos.
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[realms]
        MYDOMAIN.COM = {
                kdc = kerberos.mydomain.com
#               kdc = kerberos-1.mydomain.com:88
                admin_server = kerberos.mydomain.com
                default_domain = mydomain.com
        }

[domain_realm]
        .mydomain.com = MYDOMAIN.COM
        mydomain.com = MYDOMAIN.COM

[logging]
        kdc = FILE:/var/log/kerberos/krb5kdc.log
        admin_server = FILE:/var/log/kerberos/kadmin.log
        default = FILE:/var/log/kerberos/krb5lib.log

[login]
        krb4_convert = false
        krb4_get_tickets = false
---------------------------------/etc/krb5.conf -----------------------

---------------------------------/etc/krb5kdc/kdc.conf -----------------------
[kdcdefaults]
        kdc_ports = 750,88

[realms]
        MYDOMAIN.COM = {
                database_name = /var/lib/krb5kdc/principal
                admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
                acl_file = /etc/krb5kdc/kadm5.acl
                key_stash_file = /etc/krb5kdc/stash
#               kdc_ports = 750,88
                kadmind_port = 749
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
                master_key_type = des3-hmac-sha1
                supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:afs3
#               supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
#               default_principal_flags = +preauth
        }
---------------------------------/etc/krb5kdc/kdc.conf -----------------------

I get no unusual messages in the logs when I start kdc and kadmind:

Jul 11 13:43:45 kerberos krb5kdc[2438](info): setting up network...
Jul 11 13:43:45 kerberos krb5kdc[2438](info): listening on fd 8: 150.203.126.1 9 port 750
Jul 11 13:43:45 kerberos krb5kdc[2438](info): listening on fd 9: 150.203.126.1 9 port 88
Jul 11 13:43:45 kerberos krb5kdc[2438](info): set up 2 sockets
Jul 11 13:43:45 kerberos krb5kdc[2439](info): commencing operation
Jul 11 13:43:45 kerberos kadmind[2442](info): starting

When I run kadmin, kinit they hang for 30 seconds or so and then I get this message:

# kadmin
Authenticating as principal root/[EMAIL PROTECTED] with password.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

[EMAIL PROTECTED]:/etc# lsof -i
COMMAND  PID  USER FD  TYPE DEVICE SIZE NODE NAME
syslogd  160  root 18u IPv4    153      UDP  *:syslog
sshd     181  root  3u IPv4    309      TCP  *:ssh (LISTEN)
ntpd     184  root  4u IPv4    359      UDP  *:ntp
ntpd     184  root  5u IPv4    360      UDP  localhost:ntp
ntpd     184  root  6u IPv4    361      UDP  kerberos.mydomain.com:ntp
krb5kdc 2439  root  8u IPv4  31995      UDP  kerberos.mydomain.com:kerberos4
krb5kdc 2439  root  9u IPv4  31996      UDP  kerberos.mydomain.com:kerberos
kadmind 2442  root  8u IPv4  32068      TCP  *:kerberos-adm (LISTEN)
kadmind 2442  root  9u IPv4  32069      UDP  *:464

where:

# grep ker /etc/services
kerberos        88/tcp   kerberos5 krb5 kerberos-sec  # Kerberos v5
kerberos        88/udp   kerberos5 krb5 kerberos-sec  # Kerberos v5
kerberos-adm    749/tcp                               # Kerberos `kadmin' (v5)
kerberos-adm    749/udp                               # Kerberos `kadmin' (v5)
kerberos4       750/udp  kerberos-iv kdc              # Kerberos (server) udp
kerberos4       750/tcp  kerberos-iv kdc              # Kerberos (server) tcp
kerberos_master 751/udp                               # Kerberos authentication
kerberos_master 751/tcp                               # Kerberos authentication

I am running tcpdump while running kadmin but see no traffic. An strace of kadmin shows:

connect(3, {sin_family=AF_INET, sin_port=htons(88), sin_addr=inet_addr("123.45.67.89")}}, 16) = 0
send(3, "j\201\2410\201\236\241\3\2\1\5\242\3\2\1\n\244\201\221"..., 164, 0) = 164
select(4, [3], NULL, NULL, {1, 0}) = 0 (Timeout)
send(3, "j\201\2410\201\236\241\3\2\1\5\242\3\2\1\n\244\201\221"..., 164, 0) = 164
select(4, [3], NULL, NULL, {4, 0}) = 0 (Timeout)
send(3, "j\201\2410\201\236\241\3\2\1\5\242\3\2\1\n\244\201\221"..., 164, 0) = 164
select(4, [3], NULL, NULL, {16, 0}) = 0 (Timeout)
close(3) = 0

Actually it looks like kdc is not listening on TCP port 88. Should it be, and if it should why isn't it?

Kim

btw the mailing list web page says these posts are mirrored on usenet. Do subscribers' unobfuscated email addresses end up on usenet too?
--
--
Kim Holburn
Network Consultant - Telecommunications Engineering
Research School of Information Sciences and Engineering
Australian National University - Ph: +61 2 61258620 M: +61 0417820641
Email: kim.holburn_at_anu.edu.au - PGP Public Key on request

Life is complex - It has real and imaginary parts.
     Andrea Leistra (rec.arts.sf.written.Robert-jordan)
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
