Hi,

I have successfully compiled (./configure --with-ldap --enable-dns --without-krb4) and installed krb5-1.6.3 on Solaris 10. And I am able to create the realm using kdb5_ldap_util, but when I try to run kadmin or krb5kdc it gives me:

"krb5kdc: cannot initialize realm `REALM` - see log file for details"

bash-3.00# cat /var/log/kadmind.log
Oct 19 10:54:03 boon kadmind[684](Error): Unable to find requested database type while initializing, aborting
Oct 19 11:02:02 boon kadmind[708](Error): Unable to find requested database type while initializing, aborting

Running truss reveals that kldap.so does indeed get opened:

-----
time()                                          = 1193426650
stat("/usr/local/lib/krb5/plugins/kdb/kldap", 0xFFBFF6A0) Err#2 ENOENT
stat("/usr/local/lib/krb5/plugins/kdb/kldap.so", 0xFFBFF6A0) = 0
stat("/usr/local/lib/krb5/plugins/kdb/kldap.so", 0xFFBFF168) = 0
resolvepath("/usr/local/lib/krb5/plugins/kdb/kldap.so", "/usr/local/lib/krb5/plugins/kdb/kldap.so", 1023) = 40
open("/usr/local/lib/krb5/plugins/kdb/kldap.so", O_RDONLY) = 5
mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 5, 0) = 0xFEEE0000
mmap(0x00010000, 81920, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFECE0000
mmap(0xFECE0000, 10017, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 5,0) = 0xFECE0000

-----

The LDAP server we are using is Sun Java Enterprise 6. I have compiled against the default Solaris 10 ldap libraries and OpenLDAP and get the same results.

Has anyone been able to get this to work in Solaris 10? Any pointers would be appreciated. krb5.conf attached.

Thanks,

Robert

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]

 EXAMPLE.COM = {
  kdc = kdc1.example.com
  admin_server = kdc1.example.com
  database_module = ldapconf
 }

[domain_realm]
 example.com = EXAMPLE.COM
 .example.com = EXAMPLE.COM

[appdefaults]
# kinit = {
#       renewable = true
#       forwardable= true
# }

[dbdefaults]
 ldap_kerberos_container_dn = cn=krbcontainer,dc=example,dc=com

[dbmodules]
 ldapconf = {
  db_library = kldap
  ldap_kerberos_container_dn = cn=krbcontainer,dc=example,dc=com
  ldap_kdc_dn = "cn=directory manager"
  ldap_kadmind_dn = "cn=directory manager"
  ldap_service_password_file = /usr/local/var/krb5kdc/service.keyfile
  ldap_servers = ldap://odin.example.com:389
  ldap_conns_per_server =5
 }
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos