Hello,
I'm playing with Kerberos authentification on my box and there
are some problems that I need assistance for.
For the first time I saw a lack of documentation on OpenBSD
(Weel, may be it's time to contribute :-)) regarding authentification.
The FAQ doesn't help much on Kerberos. It just says to read
"# info heimdal". Well, I did it and I was a little disapointed. The
info is great to setup a Kerberos server but being new to Kerberos, I'd
have liked infos on setting up a client.
After some hours googling/learning, I finally managed to get the
Kerberos Server running and configured OpenBSD Client as follow :
# cat /etc/kerberosV/krb5.conf
[libdefaults]
default_realm = CLAER.HAMMOCK.FR
[realms]
CLAER.HAMMOCK.FR = {
kdc = diogene.claer.hammock.fr
admin_server = diogene.claer.hammock.fr
master_kdc = diogene.claer.hammock.fr
default_domain = claer.hammock.fr
}
[domain_realm]
.claer.hammock.fr = CLAER.HAMMOCK.FR
claer.hammock.fr = CLAER.HAMMOCK.FR
# ls -l /etc/kerberosV/krb5.keytab
-rw------- 1 root wheel 358 May 15 15:45 /etc/kerberosV/krb5.keytab
>From there, I can obtain a kerberos ticket on the system :
# kinit claer
[email protected]'s Password:
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: [email protected]
Issued Expires Principal
May 19 10:06:28 May 19 20:05:51 krbtgt/[email protected]
Strange thing is I saw this in the server logfile :
May 19 10:06:34 diogene krb5kdc[18818](info): TGS_REQ (8 etypes {18 17 16 5 23
3 2 1}) 172.16.1.1: UNKNOWN_SERVER: authtime 0, [email protected] for
krbtgt/[email protected], Server not found in Kerberos database
May 19 10:06:37 diogene krb5kdc[18818](info): TGS_REQ (8 etypes {18 17 16 5 23
3 2 1}) 172.16.1.1: UNKNOWN_SERVER: authtime 0, [email protected] for
krbtgt/[email protected], Server not found in Kerberos database
It seems that the client is trying to get a ticket for the afs client.
AFS is not enabled on my BSD box and I don't need it. The only reference
I found on UALBERTA.CA is "/etc/afs/ThisCell". Is there a way to
disable this behavior?
Regards,
Claer
