Greetings, I'm trying to configure a Kerberos realm on hostA under 3.7-RELEASE. Using the config found below [1], this is how far I get.

# kstash
Master key: <masterkey>
Verifying password - Master key: <masterkey>
# kadmin -l
kadmin> init EXAMPLE.NET
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin> add root
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Attributes []:
Password: <foobar>
Verifying password - Password: <foobar>
# /usr/libexec/kdc &
# /usr/libexec/kadmind &
# exit

Next I do...

$ kinit root/admin
root/[EMAIL PROTECTED]'s Password: <foobar>
$ klist
Credentials cache: FILE:/tmp/krb5cc_1002
        Principal: [EMAIL PROTECTED]

  Issued           Expires          Principal
May 26 16:37:05  May 27 02:37:05  krbtgt/[EMAIL PROTECTED]

So that's all fine and dandy. But....when I try to add a user...

$ kadmin
kadmin> add plonk
root/[EMAIL PROTECTED]'s Password:
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
[EMAIL PROTECTED]'s Password:
Verifying - [EMAIL PROTECTED]'s Password:
root/[EMAIL PROTECTED]'s Password:
kadmin: kadm5_create_principal: Client (root/[EMAIL PROTECTED]) unknown
kadmin: adding plonk: Client not found in Kerberos database

If I destroy my tickets and try and reinit, I see the following...

$ kdestroy
$ kinit root/admin
kinit: krb5_get_init_creds: Client (root/[EMAIL PROTECTED]) unknown

The kadmind logs show...

2005-05-26T16:37:05 Server not found in database: krbtgt/[EMAIL PROTECTED]: No such entry in the database
2005-05-26T16:38:02 AS-REQ root/[EMAIL PROTECTED] from IPv6:2001:y:x:z:202:b3ff:fe28:5216 for kadmin/[EMAIL PROTECTED]
2005-05-26T16:38:02 UNKNOWN -- root/[EMAIL PROTECTED]: No such entry in the database
2005-05-26T16:38:15 AS-REQ root/[EMAIL PROTECTED] from IPv6:2001::y:x:z::202:b3ff:fe28:5216 for kadmin/[EMAIL PROTECTED]
2005-05-26T16:45:19 AS-REQ [EMAIL PROTECTED] from IPv6:2001:y:x:z::202:b3ff:fe28:5216 for krbtgt/[EMAIL PROTECTED]
2005-05-26T16:47:35 AS-REQ root/[EMAIL PROTECTED] from IPv6:2001::y:x:z:202:b3ff:fe28:5216 for krbtgt/[EMAIL PROTECTED]
2005-05-26T16:47:35 UNKNOWN -- root/[EMAIL PROTECTED]: No such entry in the database

That's where I'm stuck. Do I need a krbtgt principal on the local machine? If so, how do you add that (since I seem to be running into the same problem as above doing so)? Should I use `kadmin -l` to do so?

If anyone can just give me a nudge in the right direction I'd appreciate it. Thanks in advance.

- Eric

[1] /etc/kerberosV/krb5.conf

[libdefaults]
        default_realm = EXAMPLE.NET
        clockskew = 300
#       no-addresses = yes

[realms]
        EXAMPLE.NET = {
                kdc = hostA.example.net
                admin_server = hostA.example.net
        }

[domain_realm]
        .example.net = EXAMPLE.NET

[kadmin]
        default_keys = v5

[logging]
        kadmind = FILE:/var/heimdal/kadmind.log