On Tue, Nov 09, 2010 at 04:29:05PM -0200, Paulo Oliveira wrote: > Now I am with problem in authentication. I type kinit [email protected] and > appear: > > Nov 09 16:16:26 paulo-laptop krb5kdc[3372](info): AS_REQ (7 etypes {18 17 16 > 23 1 3 2}) 127.0.0.1: CLIENT_NOT_FOUND: [email protected] for > krbtgt/[email protected], Client not found in Kerberos database > > > In my kadm5.acl file has the user such as below: > > */[email protected]
Firstly, it's "kinit [email protected]" - note the capitals - or just "kinit paulo", if you have the default realm set as TESTE.UEM in /etc/krb5.conf. Next, the file kadm5.acl is only a list of which principals are kerberos administrators - that is, which principals have rights to add, modify or remove other principals. So you still have to create a principal [email protected] before they can kinit. You can do this using kadmin.local on the KDC itself, which solves the chicken-and-egg problem of how to create your administrator principal before you have any administrators. Once this is done, you no longer need kadmin.local - instead use kadmin from a remote workstation, which talks to kadmind over TCP. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
