At 08:59 AM 12/18/01 +1000, you wrote:
>On Mon, 17 Dec 2001 at 2:14pm (-0800), Ben Ocean wrote:
>
> > Hi;
> > I've taken over a new RH71 box and I'm working with kerberos for the first
> > time. I've run into a strange problem (see below) that I haven't been able
> > to figure out so I thought I'd rebuild from source to be able to run make
> > check, etc. But if I do this I'm going to have to rpm -e certain rpms. My
> > question is which? Here are the likely candidates:
> >
> > #rpm -qa |grep krb
> > krbafs-1.0.5-1
> > krb5-devel-1.2.2-5
> > krb5-server-1.2.2-5
> > pam_krb5-1.31-1
> > krb5-libs-1.2.2-5
> > krb5-workstation-1.2.2-5
>
>I wouldn't worry about messing with your installed RPM's just at the
>momment. Perhaps run 'rpm -V' on the krb packages but don't go tearing out
>the whole lot untill you understand what the error is about...
>
> >
> > The problem which has prompted this is that I can run kadmin.local without
> > error but when I run kadmin I get this error:
> >
> > #/usr/kerberos/sbin/kadmin
> > Authenticating as principal [EMAIL PROTECTED] with
> > password.
> > kadmin: Cannot resolve network address for KDC in requested realm while
> > initializing kadmin interface
>
>Hmm.. you're actually running this on the KDC I assume since you're doing
>kadmin.local and that works. Do you have the kerberos network
>daemons running correctly - kadmin, krb5kdc, ect?
No. grepping ps wax for krb5kdc returns a result but does not do so for
either kadmin or kadmind.
>Assuming yes - can you
>manually resolve the kdc's listed in /etc/krb5.conf? Looking at the sample
>config...
>
>[realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com:88
> admin_server = kerberos.example.com:749
> default_domain = example.com
> }
>
>
>... does kerberos.example.com resolve for you? Subsituting your own values
>of course.... :)
No, it returns a DNS error. That includes trying to resolve ports 88, 749
and 750 as well as port 80.
In viewing /etc/krb5.conf I found the following:
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
so I viewed that file and discovered, much to my dismay, there was an
unchanged EXAMPLE.COM. I changed it, of course, but now I'm concerned that
there may be a few more of these lying about. I've rifled through a few
files looking for same without success, and notice there are no more
*.conf* files in the kerberos directories, so I may be in the clear on that
issue.
Other ideas?
TIA,
BenO
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
