I am currently attempting to set up a Kerberos primary server on a machine running CentOS4 to serve a WAN that I am working on. I've been using the Red Hat Enterprise Linux 4 Reference Guide (in .pdf format) to do so. It's served me far better than any of the other FAQs that I've used on previous failed attempts to get Kerberos running on other systems.
I have got the servers running with seemingly nothing wrong already. I used the example krb5.conf and kdc.conf files to create ones that parsed with no errors. I created a key database with no issues using the '/usr/kerberos/sbin/kdb5_util create -s' command. I created kadm5.acl with appropriate administrators specified and added an administrator account with '/usr/kerberos/sbin/kadmin.local -q "addprinc username/admin"'. I started the three daemons, also with no issues, with the following invocation:

    /sbin/service krb5kdc start
    /sbin/service kadmin start
    /sbin/service krb524 start

I then used kinit, klist, and kdestroy to verify that under my account I could create, view, and destroy a ticket properly.

So the next step is, I get all of the client software and dependencies installed on another machine on the network that I want to connect from using Kerberos auth. That's all installed correctly on an Ubuntu 7.10 machine that I'm currently on. Next is to create a host principal for my Ubuntu machine stored on the KDC host. THIS is where I'm running into the issue. When I execute 'kadmin addprinc -randkey host/blah.example.com' I receive the following error:

    Authenticating as principal root/[EMAIL PROTECTED] with password.
    kadmin: Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface

I don't know what is causing this, but I have a few ideas.

First of all, I was thinking that it might be that I didn't know what 'host' and 'blah.example.com' were supposed to be. So I've tried linuxX.mydomain.net/kdc.mydomain.net, linuxX/mydomain.net, myadmin/linuxX.mydomain.net, and every other variation that I could think of. The documentation in section 19.6 at that point isn't as good as I'd like it to be. So it could be that I'm trying to invoke it wrong. If not that, I have a few other ideas...

Second was that the host name for the Ubuntu machine will not resolve from the primary KDC. To get around this I added an /etc/hosts entry for my machine. If this doesn't work I'm ready to tackle BIND in order to get this WAN resolving properly internally.

Third and finally was that I have just made an error that I can't figure out in the krb5.conf, but I transcribed straight from the example that is supposed to work out of the box, swapping only the domains and realms to make them applicable. I want to get it running like this before I try any further tweaking.

Can anybody assist me with a pointer in the right direction on this? I would be very grateful.

________________________________________________
Kerberos mailing list
https://mailman.mit.edu/mailman/listinfo/kerberos
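
Added example, not part of the original post: in MIT Kerberos the quoted kadmin error is raised on the machine where kadmin runs when its krb5.conf does not give the client a realm and an admin_server for that realm, so one check a reader could run is to parse that file and look for those two settings. The sample file, the EXAMPLE.COM realm, the hostnames and both function names are constructed for illustration.

```python
import re

# Constructed sample client krb5.conf: the realm stanza names a KDC but has
# no admin_server line. Realm and hostnames are placeholders.
SAMPLE_CONF = """\
[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
 }
"""

def parse_krb5_conf(text):
    """Parse [sections], 'key = value' relations and one level of { } stanzas."""
    conf, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                    # new top-level section
            section, sub = conf.setdefault(m.group(1), {}), None
        elif line == "}":                        # end of a realm stanza
            sub = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":                     # start of a realm stanza
                sub = section.setdefault(key, {})
            else:                                # relations may repeat: keep a list
                (sub if sub is not None else section).setdefault(key, []).append(value)
    return conf

def kadmin_client_problems(text, realm=None):
    """Return the settings a kadmin client would not find in this krb5.conf."""
    conf = parse_krb5_conf(text)
    realm = realm or (conf.get("libdefaults", {}).get("default_realm") or [None])[0]
    if realm is None:
        return ["no default_realm in [libdefaults] and no realm given"]
    stanza = conf.get("realms", {}).get(realm)
    if not isinstance(stanza, dict):
        return [f"no [realms] stanza for {realm}"]
    if "admin_server" not in stanza:
        return [f"no admin_server in [realms] {realm}"]
    return []
```

To check a real client, pass the contents of its /etc/krb5.conf to kadmin_client_problems(); an empty list means both settings were found.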
