I'm also using Kerberos with RH...
I don't see your hosts in your principal list...
You should add the host with a random key, and store it in /etc/krb5.keytab,
for every host that's in the realm, including the KDC.
That could be the cause of your problem...
I'm not sure, though; I'm also not using DNS.
- Jin
On Wed, 12 Nov 2003 20:54:52 -0700 [EMAIL PROTECTED]
wrote:
> Hi All,
>
> This is my first email to clug. I hope there's a Kerberos expert on this
> list.
> I've been battling with Kerberos issues for a couple of days.
>
> I've installed the latest Kerberos on RH Advanced Server according to the
> documentation.
> Everything seems OK, but Kerberos client apps like kinit are not working.
>
> I could run kadmin.local. All important principals are created as well.
>
> I logged in as root on the same machine where the master KDC is running. I've
> set up DNS as well, but no success.
>
> I noticed one thing: I did not create a principal for [EMAIL PROTECTED].
> When I ran kinit, this is the message I got in the krb4kdc.log file:
>
> Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes {18 16 23 1 3 2}) 128.1.1.70: CLIENT_NOT_FOUND: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Client not found in Kerberos database
> Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated (retransmitted?) request from 128.1.1.70, resending previous response
>
> When I created this principal, krb5kdc dies silently (no message in the log).
> It seems like kinit is communicating with the KDC, but somehow the krb5kdc
> process crashes.
>
> When I run kinit, kinit complains with this error:
> kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
>
> Here's my krb5.conf file:
> [EMAIL PROTECTED] krb5kdc]# more /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = RTDLINUX.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> RTDLINUX.COM = {
> kdc = kerberos.rtdlinux.com:88
> admin_server = kerberos.rtdlinux.com:749
> default_domain = rtdlinux.com
> }
>
> [domain_realm]
> .rtdlinux.com = RTDLINUX.COM
> rtdlinux.com = RTDLINUX.COM
>
>
> [kdc]
> profile = /usr/local/var/krb5kdc/kdc.conf
>
> [pam]
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
>
> Here's kdc.conf file contents:
> [EMAIL PROTECTED] krb5kdc]# more /usr/local/var/krb5kdc/kdc.conf
> [kdcdefaults]
> kdc_ports = 88,750
>
> [realms]
> RTDLINUX.COM = {
> database_name = /usr/local/var/krb5kdc/principal
> admin_keytab = /etc/krb5.keytab
> acl_file = /usr/local/var/krb5kdc/kadm5.acl
> key_stash_file = /usr/local/var/krb5kdc/.k5.RTDLINUX.COM
> kadmin_port = 749
> kdc_ports = 88,750
> max_life = 10h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> master_key_type = des3-hmac-sha1
> supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
> }
>
> These are the principals:
> K/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> kadmin/[EMAIL PROTECTED]
> krbtgt/[EMAIL PROTECTED]
> muzaffar/[EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> Please help me if anybody has any clue.
>
> Thanks in advance.
> _________________________________________________________
> Muzaffar Sultan--Telvent
> [EMAIL PROTECTED]
> Ph: (403)-301-5020
>
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
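Added example (not part of either message above): a Python script that reads krb5kdc.log lines in the format quoted in the question, names the numeric etypes offered in each failed AS_REQ, and lists which of them also appear in the realm's supported_enctypes. The log lines, the principal alice@EXAMPLE.COM and the address 192.0.2.70 are constructed; the supported_enctypes value is the one from the quoted kdc.conf.

```python
import re

# Kerberos encryption type numbers and their MIT krb5 names.
ETYPES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac",
}
# Alternate spellings MIT krb5 accepts in kdc.conf for the same enctype.
ALIASES = {"des3-hmac-sha1": "des3-cbc-sha1", "des3-cbc-sha1-kd": "des3-cbc-sha1",
           "rc4-hmac": "arcfour-hmac", "arcfour-hmac-md5": "arcfour-hmac"}

# Failed AS_REQ lines only; ISSUE (ticket granted) lines use another layout.
AS_REQ = re.compile(
    r"krb5kdc\[\d+\]\(info\): AS_REQ \(\d+ etypes \{(?P<etypes>[\d ]+)\}\) "
    r"(?P<addr>\S+): (?P<status>(?!ISSUE)[A-Z_]+): "
    r"(?P<client>\S+) for (?P<server>[^,\s]+)")

# Constructed sample in the layout of the log excerpt quoted in the question.
SAMPLE_LOG = [
    "Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes "
    "{18 16 23 1 3 2}) 192.0.2.70: CLIENT_NOT_FOUND: alice@EXAMPLE.COM for "
    "krbtgt/EXAMPLE.COM@EXAMPLE.COM, Client not found in Kerberos database",
    "Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated "
    "(retransmitted?) request from 192.0.2.70, resending previous response",
]
SUPPORTED = "des3-hmac-sha1:normal des-cbc-crc:normal"  # from the quoted kdc.conf

def parse_as_req(line):
    """Return the fields of a failed AS_REQ line, or None for any other line."""
    m = AS_REQ.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["etypes"] = [ETYPES.get(int(n), "etype-" + n) for n in rec["etypes"].split()]
    return rec

def realm_enctypes(value):
    """Turn a supported_enctypes value ("name:salt ...") into canonical names."""
    names = [item.split(":")[0] for item in value.split()]
    return [ALIASES.get(n, n) for n in names]

def summarize(lines, supported):
    """Per failed AS_REQ: client, status, offered etypes, overlap with the realm."""
    allowed = set(realm_enctypes(supported))
    records = [r for r in map(parse_as_req, lines) if r is not None]
    for rec in records:
        rec["common"] = [e for e in rec["etypes"] if e in allowed]
    return records

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG, SUPPORTED):
        print(rec["status"], rec["client"], rec["etypes"], "common:", rec["common"])
```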