On Tue, 2004-10-19 at 22:44, Marcus O. White wrote:
> G'day All,
>
> I'm attempting to get kerberos installed and configured on a RHEL 3.0
> server. Originally RHEL came with kerberos 1.2.7. I located and
> installed from rpm the 1.3.4 version of kerberos. I had it working at
> one point then decided to recreate the principal databases and keytab
> files. Since recreating the databases kerberos has not worked. I
> continually receive: "kinit(v5): Password incorrect while getting
> initial". I've checked and rechecked the password numerous times.
>
> I used the following script to create the kerberos database:
>
> ------------------------- cut here -----------------------
> #!/bin/sh
> # Script to initialize Kerberos Database
> #
> KRBDOMAIN=<Kerberos Domain>
> KRBFQDN=<domain name>
> KRBDIR=/var/kerberos/krb5kdc
>
> echo "Initialize Kerberos Database..."
>
> /usr/kerberos/sbin/kdb5_util create -r $KRBDOMAIN -s
>
> echo "Creating initial admin roles..."
>
> for x in admin changepw
> do
>     /usr/kerberos/sbin/kadmin.local -q "ktadd -k $KRBDIR/kadm5.keytab kadmin/$x"
> done
>
> echo "Done."
>
> /sbin/service krb5kdc start
> /sbin/service kadmin start
>
> echo "Adding Principals..."
>
> for x in krbadm Manager Replicator
> do
>     echo "Adding $x"
>     if [ "$x" = "krbadm" ]; then
>         /usr/kerberos/sbin/kadmin.local -q "ank $x/[EMAIL PROTECTED]"
>         /usr/kerberos/sbin/kadmin.local -q "ktadd $x/[EMAIL PROTECTED]"
>     else
>         /usr/kerberos/sbin/kadmin.local -q "ank [EMAIL PROTECTED]"
>         /usr/kerberos/sbin/kadmin.local -q "ktadd [EMAIL PROTECTED]"
>     fi
> done
>
> echo "Adding Network Hosts..."
>
> for x in server1 server2 ...
> do
>     /usr/kerberos/sbin/kadmin.local -q "ank -randkey host/$x.$KRBFQDN"
>     /usr/kerberos/sbin/kadmin.local -q "ank -randkey ldap/$x.$KRBFQDN"
>     /usr/kerberos/sbin/kadmin.local -q "ktadd host/$x.$KRBFQDN"
>     /usr/kerberos/sbin/kadmin.local -q "ktadd ldap/$x.$KRBFQDN"
> done
>
> echo "Done."
>
> /bin/chmod 644 /etc/krb5.keytab
>
> -------------------------- end cut -------------------------
>
> Is this the proper way to create the kerberos database? If not, what is the
> proper way? What else should I be looking at?
>
> Marcus O.
>
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
Discovered the flaw in my logic... Removed the exporting (ktadd) of principals with assigned passwords from the script. All is well...

Marcus O.
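
The fix described above, as an added example that is not part of the original post: a small lint that reads a provisioning script and reports principals created with a password and later passed to ktadd. The function name, the sample principals and the EXAMPLE.COM realm are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag principals that a script creates
# with a password and then exports with ktadd. ktadd randomizes the keys of
# each principal it exports, so the original password stops working.
# Reads script text on stdin; names are compared literally, so unexpanded
# "$x" forms still match. Prints each affected principal once.
find_rekeyed_principals() {
    awk '
    {
        # Extract the query from:  kadmin.local -q "<query>"
        if (!match($0, /-q[ \t]+"[^"]*"/)) next
        q = substr($0, RSTART, RLENGTH)
        sub(/^-q[ \t]+"/, "", q)
        sub(/"$/, "", q)
        if ((n = split(q, w, " ")) < 2) next
        if (w[1] == "ank" || w[1] == "addprinc" || w[1] == "add_principal") {
            # The principal is the last word; -randkey means no password.
            randkey = 0
            for (i = 2; i < n; i++) if (w[i] == "-randkey") randkey = 1
            if (!randkey) has_password[w[n]] = 1
        } else if (w[1] == "ktadd" || w[1] == "xst") {
            # Newer MIT kadmin.local accepts -norandkey, which keeps the keys.
            for (i = 2; i <= n; i++) if (w[i] == "-norandkey") next
            for (i = 2; i <= n; i++) {
                if (w[i] == "-k" || w[i] == "-e") { i++; continue }
                if (w[i] ~ /^-/) continue
                if ((w[i] in has_password) && !(w[i] in seen)) {
                    seen[w[i]] = 1
                    print w[i]
                }
            }
        }
    }'
}

# Constructed sample mirroring the script in the thread (placeholder names).
sample_script() {
cat <<'EOF'
kadmin.local -q "ank krbadm/admin@EXAMPLE.COM"
kadmin.local -q "ktadd krbadm/admin@EXAMPLE.COM"
kadmin.local -q "ank Manager@EXAMPLE.COM"
kadmin.local -q "ank -randkey host/server1.example.com"
kadmin.local -q "ktadd host/server1.example.com"
kadmin.local -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin"
EOF
}

sample_script | find_rekeyed_principals
```

Service principals created with `-randkey` are not reported, since they have no password to invalidate.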