Testing + Kerberos

Beck Zoltan Gyula Mon, 14 Jun 2004 03:45:20 -0700

Hi!

  I've a problem I can't resolve for a few day, I installed a Debian
Testing on it Mit Kerberos:


ii  krb5-admin-ser 1.3.3-2        Mit Kerberos master server (kadmind)
ii  krb5-config    1.6            Configuration files for Kerberos Version 5
ii  krb5-doc       1.3.3-2        Documentation for krb5
ii  krb5-kdc       1.3.3-2        Mit Kerberos key server (KDC)

cat /etc/krb5kdc/kdc.conf

[kdcdefaults]
        kdc_ports = 750,88

[realms]
TESTAI = {
                database_name = /var/lib/krb5kdc/testai
                admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
                acl_file = /etc/krb5kdc/kadm5.acl
                key_stash_file = /etc/krb5kdc/stash
                kdc_ports = 750,88
                kadmind_port = 749
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
                master_key_type = des3-hmac-sha1
                supported_enctypes = des3-hmac-sha1:normal
des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
                default_principal_flags = +preauth
        }


cat /etc/krb5.conf

[libdefaults]
        ticket_lifetime         = 600
        default_realm           = TESTAI
        default_tkt_enctypes    = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes    = des3-hmac-sha1 des-cbc-crc
        permitted_enctypes      = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        kdc_timesync            = 1
        ccache_type             = 4
        forwardable             = true
        proxiable               = true

[realms]
TESTAI = {
        kdc                     = myhost.mydomain:88
        admin_server            = myhost.mydomain:750
        default_domain          = aitia
}

[domain_realm]
        mydomain                   = TESTAI
        .mydomain                  = TESTAI

[logging]
        kdc                     = FILE:/var/log/kerberos/krb5kdc.log
        admin_server            = FILE:/var/log/kerberos/kadmin.log
        default                 = FILE:/var/log/kerberos/krb5lib.log

[login]
        krb4_convert            = false
        krb4_get_tickets        = false


then I create the database

kdb5_util create -r TESTAI -s

echo "*/[EMAIL PROTECTED]   *" > /etc/krb5kdc/kadm5.acl

with kadmin.local I create:

addprinc root/admin admin/admin
ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
addprinc -randkey host/[EMAIL PROTECTED]
ktadd -k /etc/krb5.keytab host/[EMAIL PROTECTED]

then I want to start the krb5-kdc and krb5-admin-server init scripts, the
kdc looks like to start

lsof -i
krb5kdc  2000        root    7u  IPv4   3255       UDP
myhost.mydomain:kerberos
krb5kdc  2000        root    8u  IPv4   3256       UDP
myhost.mydomain:kerberos4

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

when I want to start krb5-admin-server init script nothing happens, in the
log file appears nothing.

The kadmin -r TESTAI give me this:

Authenticating as principal root/[EMAIL PROTECTED] with password.
kadmin: Cannot contact any KDC for requested realm while initializing
kadmin interface


what's could be the problem? Can anybody help me?

  Best regards
bzg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Testing + Kerberos

Reply via email to