I am pretty new to Kerberos, and ran into some problems trying to configure 
it. I'll try to describe my current situation as well as I can:

I started with the following on the server:
kdb5_util create -s
kadmin.local -q "ktadd -k /kerberos/etc/krb5kdc/NL/LINUXNET/kadm5.keytab kadmin/admin kadmin/changepw"
kadmin.local -q "addprinc mark/[EMAIL PROTECTED]"
kadmin.local -q "addprinc [EMAIL PROTECTED]"
kadmin.local -q "addprinc -randkey host/xp2600c.linuxnet.nl"

After this I am able to obtain a ticket using kinit and using login.krb5.

After that I try to create a keytab on the client:
"ktadd -k /etc/krb5.keytab host/xp2600c.linuxnet.nl"

After this kinit is still able to get tickets...
but login.krb5 outputs the following error:

Generic unknown RC/IO error while verifying initial ticket

Nov 27 20:37:23 xp2600c krb5kdc[8777](info): AS_REQ (2 etypes {16 1}) 10.4.8.27: ISSUE: authtime 1101587843, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]

Nov 27 20:37:23 xp2600c krb5kdc[8777](info): TGS_REQ (2 etypes {16 1}) 10.4.8.27: ISSUE: authtime 1101587843, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for host/[EMAIL PROTECTED]

My config files look like this:

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log

[libdefaults]
    ticket_lifetime = 24000
    default_realm = LINUXNET.NL
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    forwardable = true
    proxiable = true

[realms]
    LINUXNET.NL = {
        kdc = xp2600c.linuxnet.nl:88
        admin_server = xp2600c.linuxnet.nl:749
        default_domain = linuxnet.nl
    }

[domain_realm]
    .linuxnet.nl = LINUXNET.NL

[kdc]
    profile = /etc/krb5kdc/kdc.conf

My kdc.conf looks like this:

[kdcdefaults]
    dict_file = /etc/krb5kdc/dict

[realms]
    LINUXNET.NL = {
        database_name = /etc/krb5kdc/NL/LINUXNET/principal
        admin_keytab = /etc/krb5kdc/NL/LINUXNET/kadm5.keytab
        acl_file = /etc/krb5kdc/NL/LINUXNET/kadm5.acl
        key_stash_file = /etc/krb5kdc/NL/LINUXNET/.k5.LINUXNET.NL
        master_key_type = des3-hmac-sha1
        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
    }

On the client I only have a krb5.conf file, and it looks like this:

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log
    forwardable = true
    proxiable = true

[libdefaults]
    ticket_lifetime = 24000
    default_realm = LINUXNET.NL
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
    LINUXNET.NL = {
        kdc = xp2600c.linuxnet.nl:88
        admin_server = xp2600c.linuxnet.nl:749
        default_domain = linuxnet.nl
    }

[domain_realm]
    .linuxnet.nl = LINUXNET.NL

kadm5.acl currently looks like this: (for testing)
*/[EMAIL PROTECTED]         *
[EMAIL PROTECTED]           *
host/[EMAIL PROTECTED]      *
*/[EMAIL PROTECTED]         *

I ran out of ideas. Does anybody have any ideas where to look next?

thanks, Mark Hannessen.
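
A small check for krb5kdc ISSUE lines like the two quoted in the post, added here as an example and not part of the original message: it decodes the etype numbers and reports any issued etype that falls outside a configured enctype list. The function names, the sample log line and its principals are constructed for illustration; the etype numbers follow the IANA Kerberos registry.

```python
import re

# Kerberos enctype numbers (IANA registry) mapped to MIT krb5 names.
ETYPE_NAMES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    16: "des3-cbc-sha1",
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    23: "arcfour-hmac",
}
# MIT krb5 accepts des3-hmac-sha1 (used in the posted krb5.conf) as an alias.
ALIASES = {"des3-hmac-sha1": "des3-cbc-sha1"}

LINE_RE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{(?P<offered>[\d ]+)\}\) "
    r"(?P<addr>\S+): ISSUE: authtime \d+, "
    r"etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<server>\S+)"
)

def etype_name(number):
    """Return the enctype name, or a numbered placeholder if unknown."""
    return ETYPE_NAMES.get(int(number), "etype-%s" % number)

def parse_issue(line):
    """Parse one krb5kdc ISSUE line; return None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {
        "req": m["req"], "addr": m["addr"],
        "client": m["client"], "server": m["server"],
        "offered": [etype_name(n) for n in m["offered"].split()],
        "rep": etype_name(m["rep"]),
        "tkt": etype_name(m["tkt"]),
        "ses": etype_name(m["ses"]),
    }

def outside_config(entry, configured):
    """Issued etypes (rep/tkt/ses) missing from a krb5.conf enctype list."""
    allowed = {ALIASES.get(e, e) for e in configured.split()}
    return sorted({entry["rep"], entry["tkt"], entry["ses"]} - allowed)

# Constructed sample line in the same format as the log excerpt above.
SAMPLE = ("Nov 27 20:37:23 kdc1 krb5kdc[8777](info): TGS_REQ (2 etypes {16 1}) "
          "10.4.8.27: ISSUE: authtime 1101587843, etypes {rep=16 tkt=16 ses=16}, "
          "user@EXAMPLE.TEST for host/client1.example.test@EXAMPLE.TEST")

if __name__ == "__main__":
    entry = parse_issue(SAMPLE)
    print(entry)
    print(outside_config(entry, "des3-hmac-sha1 des-cbc-crc"))
```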
