-----Original Message-----
> From: Janne Johansson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 05, 2007 11:09 AM
> To: David Rogal
> Cc: misc@openbsd.org
> Subject: Re: OpenBSD and Kerberos Client
>
> [EMAIL PROTECTED] wrote:
>> Hello all, I'm having a problem setting up kerberos on an OpenBSD
>> system. Please advise as you can.
>
> ...8<...
>
>> I then tried kadmin on krbc2, which doesn't work. It doesn't even
>> bother with trying to get to the admin server. It just gives me a
>> prompt 'kadmin>'. Perhaps that's an issue?
>
> That is how my heimdal kadmins work, so from that you should be able to give
> kadmin commands, and if they require admin principals (which most
> do) then it will ask for that password at that time, not before.
>
> prompt# kadmin -p myname/[EMAIL PROTECTED]
> kadmin> ank host/[EMAIL PROTECTED]
> <asks for myname/[EMAIL PROTECTED] pw and stuff>
>
> kadmin> ext -k /etc/kerberosV/krb5.keytab host/[EMAIL PROTECTED]
>
> ..is how I would add hostkeys to an OBSD host using kadmin.

Thanks for that! I tried it, but kadmin doesn't do anything useful. It just hangs - doesn't even time out. Tcpdump and ktrace show that kadmin on the OpenBSD box has a quick chat with Kerberos on the Linux box, but kadmin doesn't like whatever it receives. I think that's because of what Viq has to say about Heimdal and MIT Kerberos being incompatible - at least in respect to kadmin.

I've also found some people complaining that keytabs created on a different server than the one for which they are meant do not work very well. If I can't use Heimdal's kadmin to create the keytab and I can't use one created remotely, then I simply can't use Heimdal. A 'catch 22' which makes OpenBSD unusable for us in this circumstance.

Perhaps this is an incentive for Heimdal developers to get kadmin to work with MIT Kerberos. That would help increase its userbase.

--
David Rogal
Unix Systems Admin
TelecityRedbus UK Limited
10th Floor
6&7 Harbour Exchange Square
London E14 9GE
United Kingdom
Tel: +44 207 005 6018
Fax: +44 207 005 6060
Email: [EMAIL PROTECTED]
www.telecityredbus.com