Hi,
I am a beginner in Kerberos. I am able to do Kerberos admin operations after
successful configuration of Kerberos 2.0-6 on my Alpha m/c running VMS 7.3.
I failed while running the given examples krb_server and krb_client in their mutual
authentication functions.
In krb_client the API krb5_sendauth returned
KRB_CLIENT: Server not found in Kerberos database while using sendauth
and in krb_server the error message returned was
KRB_SERVER: Unknown code 53 while receiving authorization from client
Here are more details on the setup/environment:
1] Both my client and server are running on the same m/c, and the host looks like
nslookup
> xdcxc.bgo.dev.com
Server: usdin.bgo.dev.com
Address: 16.138.244.51
xdcxc.bgo.dev.com internet address = 16.123.234.138
bgo.dev.com nameserver = andes.bgo.dev.com
bgo.dev.com nameserver = halogin01.hansa.net
bgo.dev.com nameserver = usdin.bgo.dev.com
andes.bgo.dev.com internet address = 16.136.224.49
halogin01.hansa.net internet address = 16.230.18.51
usdin.bgo.dev.com internet address = 16.111.201.51
2] The Krb5.conf is
XDCXC$ type KRB5.CONF;1
[libdefaults]
default_realm = XDCXC.BGO.DEV.COM
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
XDCXC.BGO.DEV.COM = {
kdc = xdcxc.bgo.dev.com:88
admin_server = xdcxc.bgo.dev.com:749
default_domain = bgo.dev.com
}
[domain_realm]
.bgo.dev.com = XDCXC.BGO.DEV.COM
bgo.dev.com = XDCXC.BGO.DEV.COM
[logging]
kdc = FILE=krb$root:[log]krb$krb5kdc.log
admin_server = FILE=krb$root:[log]krb$kadmind.log
default = FILE=krb$root:[log]krb5lib.log
3] The kdc.conf looks like
XDCXC$ type KDC.CONF;1
[kdcdefaults]
kdc_ports = 750,88
[realms]
XDCXC.BGO.DEV.COM = {
database_name = krb$root:[krb5kdc]principal
admin_keytab = krb$root:[krb5kdc]kadm5.keytab
acl_file = krb$root:[krb5kdc]kadm5.acl
key_stash_file = krb$root:[krb5kdc_k5_XDCXC_XKO_DEC_COM
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
des:normal des:v4 des:norealm des:onlyrealm des:afs3
kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
des-cbc-crc:v4
4] The principals are
KRB$KADMIN:listprincs
K/[EMAIL PROTECTED]
SYSTEM/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
krb_sample/[EMAIL PROTECTED]
krbtgt/[EMAIL PROTECTED]
5] The keytab is
KRB$KADMIN:ktlist
krb_sample/[EMAIL PROTECTED] (kvno: 4, etype: Triple DES cbc mode with HMAC/sha1)
krb_sample/[EMAIL PROTECTED] (kvno: 4, etype: DES cbc mode with CRC-32)
6] The klist before running server and client in different sessions of the same m/c
XDCXC$ kinit -kt XDCXC$DKA0:[SYS0.KERBEROS.ETC]KRB5.KEYTAB "krb_sample/xdcxc"
XDCXC$ klist
Ticket cache: FILE:krb$user:[tmp]krb5cc_65540
Default principal: krb_sample/[EMAIL PROTECTED]
Valid starting Expires Service principal
11/20/03 06:20:16 11/20/03 16:20:16 krbtgt/[EMAIL PROTECTED]
Kerberos 4 ticket cache: krb$user:[tmp]k4_tkt_cache65540
KRB$KLIST: You have no tickets cached
7] It is a single KDC configuration. Both the client and server are configured on the
same m/c.
8] The log files are
XDCXC$DKA0:[SYS0.KERBEROS.LOG]KRB$KADMIND.LOG;1
Nov 20 05:28:01 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](info): starting
Nov 20 05:28:26 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_init, SYSTEM/[EMAIL PROTECTED], success, client=SYSTEM/[EMAIL PROTECTED]
BGO.DEV.COM, service=kadmin/[EMAIL PROTECTED], addr=16.123.234.138
Nov 20 05:28:31 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principals, *, success, client=SYSTEM/[EMAIL PROTECTED], servic
e=kadmin/[EMAIL PROTECTED], addr=16.123.234.138
Nov 20 05:29:07 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_policy, default, Policy does not exist, client=SYSTEM/[EMAIL PROTECTED]
.DEC.COM, service=kadmin/[EMAIL PROTECTED], addr=16.123.234.138
Nov 20 05:29:22 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_init, SYSTEM/[EMAIL PROTECTED], success, client=SYSTEM/[EMAIL PROTECTED]
BGO.DEV.COM, service=kadmin/[EMAIL PROTECTED], addr=16.123.234.138
Nov 20 05:29:39 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_policy, default, Policy does not exist, client=SYSTEM/[EMAIL PROTECTED]
.DEC.COM, service=kadmin/[EMAIL PROTECTED], addr=16.123.234.138
Nov 20 05:29:39 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_create_principal, krb_sample/[EMAIL PROTECTED], success, client=SYS
TEM/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=16.138
.247.151
Nov 20 05:29:40 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_randkey_principal, krb_sample/[EMAIL PROTECTED], success, client=SY
STEM/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=16.13
8.247.151
Nov 20 05:29:40 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_modify_principal, krb_sample/[EMAIL PROTECTED], success, client=SYS
TEM/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=16.138
.247.151
Nov 20 05:29:49 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principals, *, success, client=SYSTEM/[EMAIL PROTECTED], servic
e=kadmin/[EMAIL PROTECTED], addr=16.123.234.138
Nov 20 05:30:10 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_randkey_principal, krb_sample/[EMAIL PROTECTED], success, client=SY
STEM/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=16.13
8.247.151
Nov 20 05:30:10 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principal, krb_sample/[EMAIL PROTECTED], success, client=SYSTEM
/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=16.138.24
7.151
Nov 20 05:30:53 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_randkey_principal, krb_sample/[EMAIL PROTECTED], success, client=SY
STEM/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=16.13
8.247.151
Nov 20 05:30:53 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principal, krb_sample/[EMAIL PROTECTED], success, client=SYSTEM
/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=16.138.24
7.151
XDCXC$DKA0:[SYS0.KERBEROS.LOG]KRB$KRB5KDC.LOG;1
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): setting up network...
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): listening on fd 6: 16.123.234.138 port 750
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): listening on fd 7: 16.123.234.138 port 88
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): set up 2 sockets
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): commencing operation
Nov 20 05:28:07 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277287, etypes {rep=16 tkt=16 ses=16}, SYSTEM/[EMAIL PROTECTED]
for kadmin/[EMAIL PROTECTED]
Nov 20 05:29:17 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277357, etypes {rep=16 tkt=16 ses=16}, SYSTEM/[EMAIL PROTECTED]
for kadmin/[EMAIL PROTECTED]
Nov 20 05:32:45 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277565, etypes {rep=16 tkt=16 ses=16}, krb_sample/[EMAIL PROTECTED]
.COM for krbtgt/[EMAIL PROTECTED]
Nov 20 05:33:04 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277584, etypes {rep=16 tkt=16 ses=16}, krb_sample/[EMAIL PROTECTED]
.COM for krbtgt/[EMAIL PROTECTED]
Nov 20 05:34:23 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277663, etypes {rep=16 tkt=16 ses=16}, krb_sample/[EMAIL PROTECTED]
.COM for krbtgt/[EMAIL PROTECTED]
Nov 20 05:34:55 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_
SERVER: authtime 1069277663, krb_sample/[EMAIL PROTECTED] for krb_sample/
[EMAIL PROTECTED], Server not found in Kerberos database
Nov 20 05:35:24 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_
SERVER: authtime 1069277663, krb_sample/[EMAIL PROTECTED] for krb_sample/
[EMAIL PROTECTED], Server not found in Kerberos database
Nov 20 06:20:16 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069280416, etypes {rep=16 tkt=16 ses=16}, krb_sample/[EMAIL PROTECTED]
.COM for krbtgt/[EMAIL PROTECTED]
Nov 20 06:25:38 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_
SERVER: authtime 1069280416, krb_sample/[EMAIL PROTECTED] for krb_sample/
[EMAIL PROTECTED], Server not found in Kerberos database
I tried creating principals and generating keytabs on different occasions, like
a] krb_sample/[EMAIL PROTECTED]
b] krb_sample/[EMAIL PROTECTED]
Execution shows that the server received the connection request and the socket routines
are working fine.
I followed the steps mentioned in setup.com.
Can you please help me to troubleshoot and commission the application successfully?
Thanks and Regards,
randy
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
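
Added example, not part of the original post or of the Kerberos distribution: the KDC log quoted above is hard-wrapped in the middle of tokens (for instance "UNKNOWN_" / "SERVER"), so a line-by-line search can miss rejected requests. The Python code below rejoins wrapped records and counts which client asked for which service principal that the KDC did not have; the sample log, host name, address and principal names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the KDC log above, including the hard
# wrap that splits tokens mid-word. Host, PID, address and principals are made up.
SAMPLE_LOG = """\
Nov 20 05:28:00 kdc1.example.test krb5kdc[4242](info): commencing operation
Nov 20 05:34:23 kdc1.example.test krb5kdc[4242](info): AS_REQ (2 etypes {16 1}) 10.0.0
.5(88): ISSUE: authtime 1069277663, etypes {rep=16 tkt=16 ses=16}, svc/app1@EXAMPLE.TE
ST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
Nov 20 05:34:55 kdc1.example.test krb5kdc[4242](info): TGS_REQ (2 etypes {16 1}) 10.0.0
.5(88): UNKNOWN_SERVER: authtime 1069277663, svc/app1@EXAMPLE.TEST for svc/app1.exampl
e.test@EXAMPLE.TEST, Server not found in Kerberos database
Nov 20 05:35:24 kdc1.example.test krb5kdc[4242](info): TGS_REQ (2 etypes {16 1}) 10.0.0.5(88): UNKNOWN_
SERVER: authtime 1069277663, svc/app1@EXAMPLE.TEST for svc/app1.example.test@EXAMPLE.T
EST, Server not found in Kerberos database
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REQUEST = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d [\d:]{8}) \S+ \S+ (?P<kind>AS_REQ|TGS_REQ) \(.*?\) "
    r"(?P<addr>[\d.]+)\(\d+\): (?P<status>[A-Z_]+): authtime \d+, "
    r"(?:etypes \{.*?\}, )?(?P<client>\S+) for (?P<server>[^\s,]+)"
)

def unwrap(text):
    """Rejoin wrapped records: a line without a leading timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line)
        elif records:
            records[-1] += line  # assumes the wrap dropped no characters
    return records

def parse_requests(text):
    """Return one dict per AS_REQ/TGS_REQ record; other KDC messages are skipped."""
    return [m.groupdict() for m in map(REQUEST.match, unwrap(text)) if m]

def unknown_server_requests(text):
    """Count (client, requested service) pairs the KDC rejected as UNKNOWN_SERVER."""
    return Counter(
        (r["client"], r["server"])
        for r in parse_requests(text)
        if r["kind"] == "TGS_REQ" and r["status"] == "UNKNOWN_SERVER"
    )

if __name__ == "__main__":
    print(unknown_server_requests(SAMPLE_LOG))
```

The requested service name reported for each UNKNOWN_SERVER entry can then be compared character by character with the listprincs output.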