At 08:59 AM 12/18/01 +1000, you wrote: >On Mon, 17 Dec 2001 at 2:14pm (-0800), Ben Ocean wrote: > > > Hi; > > I've taken over a new RH71 box and I'm working with kerberos for the first > > time. I've run into a strange problem (see below) that I haven't been able > > to figure out so I thought I'd rebuild from source to be able to run make > > check, etc. But if I do this I'm going to have to rpm -e certain rpms. My > > question is which? Here are the likely candidates: > > > > #rpm -qa |grep krb > > krbafs-1.0.5-1 > > krb5-devel-1.2.2-5 > > krb5-server-1.2.2-5 > > pam_krb5-1.31-1 > > krb5-libs-1.2.2-5 > > krb5-workstation-1.2.2-5 > >I wouldn't worry about messing with your installed RPM's just at the >momment. Perhaps run 'rpm -V' on the krb packages but don't go tearing out >the whole lot untill you understand what the error is about... > > > > > The problem which has prompted this is that I can run kadmin.local without > > error but when I run kadmin I get this error: > > > > #/usr/kerberos/sbin/kadmin > > Authenticating as principal [EMAIL PROTECTED] with > > password. > > kadmin: Cannot resolve network address for KDC in requested realm while > > initializing kadmin interface > >Hmm.. you're actually running this on the KDC I assume since you're doing >kadmin.local and that works. Do you have the kerberos network >daemons running correctly - kadmin, krb5kdc, ect?
No. grepping ps wax for krb5kdc returns a result but does not do so for either kadmin or kadmind. >Assuming yes - can you >manually resolve the kdc's listed in /etc/krb5.conf? Looking at the sample >config... > >[realms] > EXAMPLE.COM = { > kdc = kerberos.example.com:88 > admin_server = kerberos.example.com:749 > default_domain = example.com > } > > >... does kerberos.example.com resolve for you? Subsituting your own values >of course.... :) No, it returns a DNS error. That includes trying to resolve ports 88, 749 and 750 as well as port 80. In viewing /etc/krb5.conf I found the following: [kdc] profile = /var/kerberos/krb5kdc/kdc.conf so I viewed that file and discovered, much to my dismay, there was an unchanged EXAMPLE.COM. I changed it, of course, but now I'm concerned that there may be a few more of these lying about. I've rifled through a few files looking for same without success, and notice there are no more *.conf* files in the kerberos directories, so I may be in the clear on that issue. Other ideas? TIA, BenO _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list