Figured it out. Just had to clear the maintenance state for kadmin (rolls eyes at self).
Jeff Blaine wrote:
> This doesn't look too promising. Any help, again, would
> be greatly appreciated.
>
> Solaris 10 6/06 release. Setting up a master KDC from scratch.
>
> ====================================================================
> See further down for spammy kadmin.local set up output that
> was generated seconds before the following:
>
> bash-3.00# svcadm enable -r network/security/krb5kdc
> bash-3.00# svcs -l krb5kdc
> fmri         svc:/network/security/krb5kdc:default
> name         Kerberos key distribution center
> enabled      true
> state        online <-------------- good
> next_state   none
> state_time   Wed Jan 24 21:29:00 2007
> logfile      /var/svc/log/network-security-krb5kdc:default.log
> restarter    svc:/system/svc/restarter:default
> contract_id  100
> dependency   require_all/error svc:/network/dns/client (online)
> bash-3.00# svcadm enable -r network/security/kadmin
> bash-3.00# svcs -l kadmin
> fmri         svc:/network/security/kadmin:default
> name         Kerberos administration daemon
> enabled      true
> state        maintenance <-------------- bad
> next_state   none
> state_time   Wed Jan 24 21:29:19 2007
> logfile      /var/svc/log/network-security-kadmin:default.log
> restarter    svc:/system/svc/restarter:default
> contract_id
> dependency   require_all/error svc:/network/dns/client (online)
> bash-3.00#
> ====================================================================
> bash-3.00# /usr/sbin/kadmin -p jblaine/admin
> Authenticating as principal jblaine/[EMAIL PROTECTED] with password.
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> ====================================================================
> bash-3.00# kinit -p jblaine/admin
> Password for jblaine/[EMAIL PROTECTED]:
> bash-3.00# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: jblaine/[EMAIL PROTECTED]
>
> Valid starting     Expires            Service principal
> 01/24/07 21:29:58  01/25/07 21:29:58  krbtgt/[EMAIL PROTECTED]
>         renew until 01/31/07 21:29:58
> bash-3.00#
> ====================================================================
> /var/adm/kadmin.log has this useful message repeating:
>
> Jan 24 21:29:18 mega1.mitre.org kadmind[1125](Error): Cannot initialize
> GSS-API authentication, failing.
> ====================================================================
> For what it's worth, here are the set up commands I entered
> seconds BEFORE what you see in the screen pastes that start
> this email:
>
> bash-3.00# kadmin.local
> Authenticating as principal root/[EMAIL PROTECTED] with password.
> kadmin.local: addprinc jblaine/admin
> WARNING: no policy specified for jblaine/[EMAIL PROTECTED]; defaulting to no
> policy
> Enter password for principal "jblaine/[EMAIL PROTECTED]":
> Re-enter password for principal "jblaine/[EMAIL PROTECTED]":
> Principal "jblaine/[EMAIL PROTECTED]" created.
> kadmin.local: addprinc -randkey kiprop/mega1.mitre.org
> WARNING: no policy specified for kiprop/[EMAIL PROTECTED];
> defaulting to no policy
> Principal "kiprop/[EMAIL PROTECTED]" created.
> kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/mega1.mitre.org
> Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
> AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
> Triple DES cbc mode with HMAC/sha1 added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
> ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
> DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/mega1.mitre.org
> Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
> type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
> type Triple DES cbc mode with HMAC/sha1 added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
> type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
> type DES cbc mode with RSA-MD5 added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/changepw
> Entry for principal kadmin/changepw with kvno 3, encryption type AES-128
> CTS mode with 96-bit SHA-1 HMAC added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kadmin/changepw with kvno 3, encryption type Triple
> DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kadmin/changepw with kvno 3, encryption type ArcFour
> with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc
> mode with RSA-MD5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kiprop/mega1.mitre.org
> Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
> AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
> Triple DES cbc mode with HMAC/sha1 added to keytab
> WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
> ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
> DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
> kadmin.local: quit
> bash-3.00#
> ====================================================================
> I am following this document. Yeah, it's Solaris Kerberos. But
> it's MIT Kerberos too.
>
> http://docs.sun.com/app/docs/doc/816-4557/6maosrjl2?a=view
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
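
Added example, not part of the original thread: a small shell helper that reads `svcs -l` output like the paste above, picks out instances left in the SMF `maintenance` state, and prints the log to read and the `svcadm clear` command to run for each. The function names `find_maintenance` and `remediation_plan` are hypothetical, and the sample input is constructed from the output quoted in the message.

```shell
#!/bin/sh
# Constructed sample, modelled on the `svcs -l` output quoted in the thread.
SAMPLE_SVCS_L='fmri         svc:/network/security/krb5kdc:default
name         Kerberos key distribution center
enabled      true
state        online
next_state   none
logfile      /var/svc/log/network-security-krb5kdc:default.log

fmri         svc:/network/security/kadmin:default
name         Kerberos administration daemon
enabled      true
state        maintenance
next_state   none
logfile      /var/svc/log/network-security-kadmin:default.log'

# Read `svcs -l` text on stdin; print "FMRI logfile" for every instance
# whose state is maintenance. A new "fmri" line starts a new record.
find_maintenance() {
    awk '
        function flush() {
            if (fmri != "" && state == "maintenance") print fmri, logf
        }
        $1 == "fmri"    { flush(); fmri = $2; state = ""; logf = "" }
        $1 == "state"   { state = $2 }
        $1 == "logfile" { logf = $2 }
        END             { flush() }
    '
}

# Turn each maintenance instance into the commands an admin would run:
# read the service log first, then clear the state and re-check it.
remediation_plan() {
    find_maintenance | while read -r fmri logfile; do
        echo "tail -20 $logfile"
        echo "svcadm clear $fmri"
        echo "svcs -l $fmri"
    done
}

# On a live Solaris host: svcs -l krb5kdc kadmin | remediation_plan
printf '%s\n' "$SAMPLE_SVCS_L" | remediation_plan
```

`svcadm clear` only resets the state so the restarter tries again; if the cause recorded in the service log is still present, the instance drops back into maintenance.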
