RE: Getting Started with Kerberos

Srinivas Cheruku Tue, 23 Apr 2002 07:30:25 -0700

The realm you have created is SUB.COMPANY.COM
and your krb5.conf file does not have this realm listed in the realms
option.


Remove all the other realms from the krb5.conf and add realm SUB.COMPANY.COM
in the krb5.conf.
Also change the default realm to the SUB.COMPANY.COM

Srini

-> -----Original Message-----
-> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
-> Sent: Monday, April 22, 2002 11:15 PM
-> To: [EMAIL PROTECTED]
-> Subject: Getting Started with Kerberos
-> 
-> 
-> Group,
-> 
-> I have difficulty in getting kerberos to work on Solaris 7.
-> 
-> I downloaded src distribution from MIT, k5-1.2.4. It was complied and
-> installed successfully. However, after editing /etc/krb5.conf and
-> /opt/local/var/krb5kdc/kdc.conf (The default installation dir is
-> /opt/local) according to adm guide, I was unable to run kadmin, and
-> the error message is
-> 
-> "Authenticating as principal [EMAIL PROTECTED] with password.
-> kadmin: Required parameters in kdc.conf missing while initializing
-> kadmin interface"
-> 
-> Anybody know what's going on here?
-> 
-> thanks.
-> 
-> Sean
-> ================================================
-> /opt/local/var/krb5kdc/kdc.conf
-> ================================================
-> [kdcdefaults]
->         kdc_ports = 88,750
->         kadmind_port = 749
-> 
-> [realms]
->         SUB.COMPANY.COM = {
->                 kadmind_port = 749
->                 database_name = /opt/local/var/krb5kdc/principal
->                 admin_keytab =
-> FILE:/opt/local/var/krb5kdc/kadm5.keytab
->                 acl_file = /opt/local/var/krb5kdc/kadm5.acl
->                 key_stash_file =
-> /opt/local/var/krb5kdc/.k5.SUB.COMPANY.COM
->                 kdc_ports = 750,88
->                 max_life = 10h 0m 0s
->                 max_renewable_life = 7d 0h 0m 0s
->                 master_key_type = des-cbc-crc
->                 supported_enctypes = des-cbc-crc:normal des:normal
-> des:v4 des:nore
-> alm des:onlyrealm des:afs3
->                 kdc_supported_enctypes = des-cbc-crc:normal 
-> des:normal
-> des:v4 des:
-> norealm des:onlyrealm des:afs3
->         }
-> 
-> [logging]
->         kdc = FILE:/opt/local/var/krb5kdc/kdc.log
->         admin_server = FILE:/opt/local/var/krb5kdc/kadmin.log
-> 
-> 
-> ================================================
-> /etc/krb5.conf
-> ================================================
-> [libdefaults]
->         default_realm = NET.CAPITALONE.COM
->         default_tgs_enctypes = des-cbc-crc
->         default_tkt_enctypes = des-cbc-crc
->         krb4_config = /usr/kerberos/lib/krb.conf
->         krb4_realms = /usr/kerberos/lib/krb.realms
-> 
-> [realms]
->         ATHENA.MIT.EDU = {
->                 kdc = KERBEROS-2.MIT.EDU:88
->                 kdc = KERBEROS.MIT.EDU
->                 kdc = KERBEROS-1.MIT.EDU
->                 admin_server = KERBEROS.MIT.EDU
->                 default_domain = MIT.EDU
->                 v4_instance_convert = {
->                         mit = mit.edu
->                         lithium = lithium.lcs.mit.edu
->                 }
->         }
->         CYGNUS.COM = {
->                 kdc = KERBEROS.CYGNUS.COM
->                 kdc = KERBEROS-1.CYGNUS.COM
->                 admin_server = KERBEROS.MIT.EDU
->         }
->         GNU.ORG = {
->                 kdc = kerberos.gnu.org
->                 kdc = kerberos-2.gnu.org
->                 admin_server = kerberos.gnu.org
->         }
-> 
-> [domain_realm]
->         .mit.edu = ATHENA.MIT.EDU
->         mit.edu = ATHENA.MIT.EDU
->         .media.mit.edu = MEDIA-LAB.MIT.EDU
->         media.mit.edu = MEDIA-LAB.MIT.EDU
->         .ucsc.edu = CATS.UCSC.EDU
-> 
-> [logging]
->         kdc = FILE:/var/log/krb5kdc.log
->         admin_server = FILE:/var/log/kadmin.log
->         default = FILE:/var/log/krb5lib.log
-> ________________________________________________
-> Kerberos mailing list           [EMAIL PROTECTED]
-> http://mailman.mit.edu/mailman/listinfo/kerberos
-> 
*********************************************************************
Disclaimer: The information in this e-mail and any attachments is
confidential / privileged. It is intended solely for the addressee or
addressees. If you are not the addressee indicated in this message, you may
not copy or deliver this message to anyone. In such case, you should destroy
this message and kindly notify the sender by reply email. Please advise
immediately if you or your employer does not consent to Internet email for
messages of this kind.
*********************************************************************
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos

RE: Getting Started with Kerberos

Reply via email to