Hi,

I'm trying to configure an Ubuntu system with MIT Kerberos (v1.8.1), with LDAP 
as the storage back-end (Sun OpenDS v2.2.1).  I see a very odd behavior, where 
my host entries only show up when I list principals using 'kadmin.local', but 
not when I use 'kadmin'.  From what I read, the two should behave identically 
if kadmin.local uses the same principal to connect.

Here's what I see from the two tools.  Notice the "host/..." principal in the 
kadmin.local case.

root@hydrogen:/etc/krb5kdc# kadmin -p nick/admin
Authenticating as principal nick/admin with password.
Password for nick/[email protected]: 
kadmin:  list_principals
[email protected]
[email protected]
nick/[email protected]
K/[email protected]
krbtgt/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin:  ^D

root@hydrogen:/etc/krb5kdc# kadmin.local -p nick/admin
Authenticating as principal nick/admin with password.
kadmin.local:  list_principals
host/[email protected]        <=== Not listed above
[email protected]
[email protected]
nick/[email protected]
K/[email protected]
krbtgt/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin.local:  ^D

When I look at the LDAP logs, the two commands behave quite differently.  My 
realm has two search trees:

root@hydrogen:/etc/krb5kdc# kdb5_ldap_util -D "cn=directory manager" view
Password for "cn=directory manager": 
               Realm Name: EXAMPLE.NET                                       
                  Subtree: ou=computers,dc=example,dc=net
                  Subtree: ou=users,dc=example,dc=net

From looking at the LDAP logs, it looks like kadmin never even queries the 
first subtree shown above.

Does kadmin expect different parameters to be set in krb5.conf than 
kadmin.local would?  The man page implies the two behave very similarly.

Any advice welcome.  I'm really pretty stumped, though I'm also a pretty novice 
Kerberos admin.

thanks,
-Nick


________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
