I am trying to install and configure krb5-1.12.1 installed from ports on a Raspberry Pi running FreeBSD 10-STABLE.

    root@krb5ldap:~ # uname -a
    FreeBSD krb5ldap 10.0-PRERELEASE FreeBSD 10.0-PRERELEASE #0 r260786+cc2516d(stable/10): Fri Jan 17 20:08:46 CET 2014 [email protected]:/usr/home/cjr/media/src/crochet-freebsd/work/obj/arm.arm/usr/home/cjr/media/src/freebsd-git/sys/RPI-B arm

security/krb5 was compiled with DNS_FOR_REALM=on and LDAP=off.

$PATH is set to

    /root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/usr/games:/sbin:/bin

My /etc/krb5.conf is

    [libdefaults]
        default_realm = HB22.CRUWE.DE
        debug = true

    [realms]
        HB22.CRUWE.DE = {
            kdc = krb5ldap.hb22.cruwe.de
            admin_server = krb5ldap.hb22.cruwe.de
        }

    [domain_realm]
        hb22.cruwe.de = HB22.CRUWE.DE
        .hb22.cruwe.de = HB22.CRUWE.DE

and /usr/local/var/krb5kdc/kdc.conf is

    [kdcdefaults]
        kdc_ports = 88,750
        debug = true

    [realms]
        HB22.CRUWE.DE = {
            master_key_type = aes256-cts
            supported_enctypes = aes256-cts:normal
        }

    [logging]
        # By default, the KDC and kadmind will log output using
        # syslog.
        kdc = FILE:/usr/local/var/log/krb5kdc.log
        admin_server = FILE:/usr/local/var/log/kadmin.log
        default = FILE:/usr/local/var/log/krb5lib.log

I try to run the most simple setup without an RDBMS or LDAP. All hosts in the network run ntpd to keep time in sync. A zone for hb22.cruwe.de is set up on ns.hb22.cruwe.de and served by bind99-9.9.4.2 named.

    root@krb5ldap:~ # host krb5ldap.hb22.cruwe.de
    krb5ldap.hb22.cruwe.de has address 192.168.178.3

After database initialization with kadmin.local and starting krb5kdc

    root@krb5ldap:~ # env KRB5_TRACE=/dev/stdout krb5kdc -n -p 88
    [5299] 1392064874.28474: Retrieving K/[email protected] from FILE:/usr/local/var/krb5kdc/.k5.HB22.CRUWE.DE (vno 0, enctype 0) with result: 0/Success
    krb5kdc: starting...

the kdc reports to be up in the log

    otp: Loaded
    Feb 10 20:41:14 krb5ldap krb5kdc[5299](Error): preauth pkinit failed to initialize: No realms configured correctly for pkinit support
    Feb 10 20:41:14 krb5ldap krb5kdc[5299](info): routing socket is fd 11
    Feb 10 20:41:14 krb5ldap krb5kdc[5299](info): setting up network...
    krb5kdc: setsockopt(12,IPV6_V6ONLY,1) worked
    Feb 10 20:41:14 krb5ldap krb5kdc[5299](info): listening on fd 12: udp ::.88 (pktinfo)
    Feb 10 20:41:14 krb5ldap krb5kdc[5299](info): listening on fd 13: udp 192.168.178.3.88
    Feb 10 20:41:14 krb5ldap krb5kdc[5299](info): set up 2 sockets
    Feb 10 20:41:14 krb5ldap krb5kdc[5299](info): commencing operation

This is not observable via nmap, because krb5kdc does not listen as specified.

    [cjr@dijkstra:security/krb5]$ sudo nmap -sU -sT -p U:88,464,750,T:464,749,754 kerberos

    Starting Nmap 6.40 ( http://nmap.org ) at 2014-02-10 20:55 CET
    Nmap scan report for kerberos (192.168.178.3)
    Host is up (0.0048s latency).
    rDNS record for 192.168.178.3: krb5ldap.hb22.cruwe.de
    PORT    STATE         SERVICE
    464/tcp open          kpasswd5
    749/tcp open          kerberos-adm
    754/tcp closed        krb_prop
    88/udp  open|filtered kerberos-sec
    464/udp open|filtered kpasswd5
    750/udp closed        kerberos
    MAC Address: B8:27:EB:07:73:60 (Raspberry Pi Foundation)

    Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds

When trying to test the existing principal admin with

    root@krb5ldap:~ # kinit admin/[email protected]

on a different ssh-terminal, the program runs without output, about two to three seconds later krb5kdc crashes (append last line)

    root@krb5ldap:~ # env KRB5_TRACE=/dev/stdout krb5kdc -n -p 88
    [5231] 1392063323.707758: Retrieving K/[email protected] from FILE:/usr/local/var/krb5kdc/.k5.HB22.CRUWE.DE (vno 0, enctype 0) with result: 0/Success
    krb5kdc: starting...
    Segmentation fault (core dumped)

and kinit terminates some seconds later:

    root@krb5ldap:~ # kinit admin/[email protected]
    kinit: Cannot contact any KDC for realm 'HB22.CRUWE.DE' while getting initial credentials

I'd be grateful for any suggestions to further debug that issue and of course any tips how to get my configuration running.

Cheers,
--
Christopher
TZ: GMT + 1h
GnuPG/GPG: 0xE8DE2C14

FreeBSD 9.2-STABLE #1 r256184: Thu Oct 10 19:12:54 CEST 2013
[email protected]:/usr/obj/usr/home/cjr/media/src/freebsd/base/stable/9/sys/GEN_WDTRACE

Punctuation matters:
"Lets eat Grandma." or "Lets eat, Grandma." - Punctuation saves lives.
"A panda eats shoots and leaves." or "A panda eats, shoots, and leaves." - Punctuation teaches proper biology.

"With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." (RFC 1925)

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
