Hi All,
This is my first email to clug. I hope there's a Kerberos expert on this
list.
I've been battling with Kerberos issues for a couple of days.
I've installed the latest Kerberos on RH Advanced Server according to the
documentation.
Everything seems OK, but Kerberos client apps like kinit are not working.
I could run kadmin.local. All important principals are created as well.
I logged in as root on the same machine where the master KDC is running. I've
set up DNS as well, but no success.
I noticed one thing: I did not create a principal for [EMAIL PROTECTED]. When
I ran kinit, this is the message I got in the krb4kdc.log file:
Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes {18 16 23 1 3 2}) 128.1.1.70: CLIENT_NOT_FOUND: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Client not found in Kerberos database
Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated (retransmitted?) request from 128.1.1.70, resending previous response
When I created this principal, krb5kdc dies silently (no message in log).
It seems like kinit is communicating with kdc but somehow krb5kdc process
crashes.
when I run kinit. kinit complains with this error:
kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
Here's my krb5.conf file:
[EMAIL PROTECTED] krb5kdc]# more /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = RTDLINUX.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
RTDLINUX.COM = {
kdc = kerberos.rtdlinux.com:88
admin_server = kerberos.rtdlinux.com:749
default_domain = rtdlinux.com
}
[domain_realm]
.rtdlinux.com = RTDLINUX.COM
rtdlinux.com = RTDLINUX.COM
[kdc]
profile = /usr/local/var/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
Here's kdc.conf file contents:
[EMAIL PROTECTED] krb5kdc]# more /usr/local/var/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 88,750
[realms]
RTDLINUX.COM = {
database_name = /usr/local/var/krb5kdc/principal
admin_keytab = /etc/krb5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
key_stash_file = /usr/local/var/krb5kdc/.k5.RTDLINUX.COM
kadmin_port = 749
kdc_ports = 88,750
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
}
These are the principals:
K/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
krbtgt/[EMAIL PROTECTED]
muzaffar/[EMAIL PROTECTED]
[EMAIL PROTECTED]
Please help me if anybody has any clue.
Thanks in advance.
_________________________________________________________
Muzaffar Sultan--Telvent
[EMAIL PROTECTED]
Ph: (403)-301-5020
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
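
Added example (not part of the original post): a Python helper that parses the AS_REQ log line quoted above, names the etype numbers the client offered, and lists which of them also appear in the posted supported_enctypes value. The function names are illustrative, and the name and alias tables cover only the etypes seen here plus aes128 and rc4-hmac.

```python
import re

# Kerberos etype numbers and the names MIT krb5 uses for them.
ETYPE_NAMES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac",
}
# Alternate spellings accepted in kdc.conf, mapped to the canonical name.
ALIASES = {"des3-hmac-sha1": "des3-cbc-sha1", "rc4-hmac": "arcfour-hmac"}
AS_REQ = re.compile(
    r"AS_REQ \((\d+) etypes \{([\d ]+)\}\) (\S+): (\w+): (.+?) for (.+?), (.*)$"
)
# The two log lines from the message above, unwrapped (redaction markers kept).
SAMPLE_LOG = [
    "Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes "
    "{18 16 23 1 3 2}) 128.1.1.70: CLIENT_NOT_FOUND: [EMAIL PROTECTED] for "
    "krbtgt/[EMAIL PROTECTED], Client not found in Kerberos database",
    "Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated "
    "(retransmitted?) request from 128.1.1.70, resending previous response",
]
SAMPLE_ENCTYPES = "des3-hmac-sha1:normal des-cbc-crc:normal"  # from kdc.conf above

def parse_as_req(line):
    """Return the fields of an AS_REQ log line, or None for any other line."""
    m = AS_REQ.search(line)
    if not m:
        return None
    count, etypes, ip, status, client, server, text = m.groups()
    etypes = [int(n) for n in etypes.split()]
    if len(etypes) != int(count):
        raise ValueError("etype count does not match list: " + line)
    return {"etypes": etypes, "client_ip": ip, "status": status,
            "client": client, "server": server, "text": text}

def parse_supported_enctypes(value):
    """Canonical enctype names from a supported_enctypes value (salt dropped)."""
    names = (item.split(":", 1)[0].lower() for item in value.split())
    return {ALIASES.get(n, n) for n in names}

def common_etypes(requested, supported):
    """Requested etype numbers the KDC also lists, in the client's order."""
    return [n for n in requested if ETYPE_NAMES.get(n) in supported]

if __name__ == "__main__":
    supported = parse_supported_enctypes(SAMPLE_ENCTYPES)
    for req in filter(None, map(parse_as_req, SAMPLE_LOG)):
        shared = common_etypes(req["etypes"], supported)
        print(req["client_ip"], req["status"], [ETYPE_NAMES[n] for n in shared])
```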