Kerberos configuration file

2004-02-26 Thread Matthias Haslbeck
I'm trying to configure Kerberos for use with Oracle9i Database
through ASO (Advanced Security Option) and Windows 2000 Server with
Active Directory.
When trying to get the initial ticket with the okinit utility there's
always the error message: "Improper format of configuration file". So
I reviewed my krb5.conf file a few times but I can't find the mistake.
Here's the content of the file:

[libdefaults]
default_realm=MYCOMPANY.LOCAL
[realms]
nkk-1gje43lrh5h.mycompany.local={kdc=mycompany.local}
[domain_realm]
.mycompany.local=MYCOMPANY.LOCAL

"mycompany.local" is the domain of my network and should be the realm
of the KDC. "nkk-1gje43lrh5h" is the name of my server which hosts the
Active Directory.

Please tell me what's wrong!

Kerberos mailing list   [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos


Re: Kerberos configuration file

2004-02-26 Thread Thomas A. La Porte
There is an Oracle configuration option that goes into sqlnet.ora 
that determines whether or not you are using a new MIT-style 
krb5.conf file:

SQLNET.KERBEROS5_CONF_MIT = TRUE

From the Oracle documentation:

Parameter:

SQLNET.KERBEROS5_CONF_MIT=[TRUE|FALSE]

Description:

This parameter specifies whether the new MIT Kerberos 
configuration format is used. If the value is set to TRUE, it 
will parse the file according to the new configuration format 
rules. When the value is set to FALSE, the default (non-MIT) 
configuration is used. The default is FALSE.


This may be the problem that you are experiencing.

 -- Tom

Thomas A. La Porte, DreamWorks SKG
  

On 26 Feb 2004, Matthias Haslbeck wrote:

>I'm trying to configure Kerberos for use with Oracle9i Database
>through ASO (Advanced Security Option) and Windows 2000 Server with
>Active Directory.
>When trying to get the initial ticket with the okinit utility there's
>always the error message: "Improper format of configuration file". So
>I reviewed my krb5.conf file a few times but I can't find the mistake.
>Here's the content of the file:
>
>[libdefaults]
>default_realm=MYCOMPANY.LOCAL
>[realms]
>nkk-1gje43lrh5h.mycompany.local={kdc=mycompany.local}
>[domain_realm]
>.mycompany.local=MYCOMPANY.LOCAL
>
>"mycompany.local" is the domain of my network and should be the realm
>of the KDC. "nkk-1gje43lrh5h" is the name of my server which hosts the
>Active Directory.
>
>Please tell me what's wrong!




Re: Kerberos configuration file

2004-02-27 Thread Nalin Dahyabhai
On Thu, Feb 26, 2004 at 12:45:36AM -0800, Matthias Haslbeck wrote:
> [libdefaults]
> default_realm=MYCOMPANY.LOCAL
> [realms]
> nkk-1gje43lrh5h.mycompany.local={kdc=mycompany.local}
[snip]
> "mycompany.local" is the domain of my network and should be the realm
> of the KDC. "nkk-1gje43lrh5h" is the name of my server which hosts the
> Active Directory.
> 
> Please tell me what's wrong!

In addition to what Thomas suggests, you've got the name of the realm
(capitalization is important) and the host name of your KDC swapped.
Your [realms] section should probably read:
 [realms]
  MYCOMPANY.LOCAL = { kdc = nkk-1gje43lrh5h.mycompany.local }

HTH,

Nalin



Same config as server: kinit(v5): Improper format of Kerberos configuration file...

2008-12-22 Thread Mathew Rowley
I am trying to set up a server for kerberos authentication, but when I copy
my krb5.conf file over to the server, I get the following error while trying
to do a kinit:

kinit(v5): Improper format of Kerberos configuration file while initializing
Kerberos 5 library

The only difference I can see is the versions installed on the kerberos
server vs the secondary server.  The kerberos server has 1.6.1, and the
machine I want to use krb based auth has 1.4.3. Will that cause this error
to occur?  This is the krb5.conf file:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = IPA.COMCAST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

[realms]
 IPA.COMCAST.COM = {
  kdc = ipa01.security.lab.comcast.com:88
  admin_server = ipa01.security.lab.comcast.com:749
  default_domain = security.lab.comcast.com
  database_module = openldap_ldapconf
 }

[domain_realm]
 .security.lab.comcast.com = IPA.COMCAST.COM
 security.lab.comcast.com = IPA.COMCAST.COM
   
[dbdefaults]
 ldap_kerberos_container_dn = cn=krbcontainer,o=comcast,dc=comcast,dc=com
[dbmodules]
 openldap_ldapconf = {
  db_library = kldap
  ldap_kerberos_container_dn = cn=krbcontainer,o=comcast,dc=comcast,dc=com
  ldap_kdc_dn = "cn=krbadmin,o=comcast,dc=comcast,dc=com"
  # this object needs to have read rights on
  # the realm container, principal container and realm sub-trees
  ldap_kadmind_dn = "cn=krbadmin,o=comcast,dc=comcast,dc=com"
  # this object needs to have read and write rights on
  # the realm container, principal container and realm sub-trees
  ldap_service_password_file = /etc/kerberos/service.keyfile
  ldap_servers = ldap://ipa01.security.lab.comcast.com
  ldap_conns_per_server = 5
}



-- 
MAT


Kerberos mailing list   Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


Re: Same config as server: kinit(v5): Improper format of Kerberos configuration file...

2008-12-22 Thread Ken Raeburn
On Dec 22, 2008, at 12:06, Mathew Rowley wrote:
> I am trying to set up a server for kerberos authentication, but when I copy
> my krb5.conf file over to the server, I get the following error while trying
> to do a kinit:
>
> kinit(v5): Improper format of Kerberos configuration file while initializing
> Kerberos 5 library
>
> The only difference I can see is the versions installed on the kerberos
> server vs the secondary server.  The kerberos server has 1.6.1, and the
> machine I want to use krb based auth has 1.4.3. Will that cause this error
> to occur?  This is the krb5.conf file:

I didn't recall this on first reading your message, but after a little  
experimentation it looks like we did have a minor syntax change  
somewhere between 1.4.3 and 1.6.1 -- in the older code, a comment had  
to have the "#" at the start of the line, and now there can be  
whitespace in front of it.  Just remove the leading whitespace from  
those comment lines and all should be fine (though I think 1.4.3  
predates the DAL and LDAP support, so you could just drop that section  
altogether).

Ken
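
A lint pass for the two problems the replies in these threads identify (a [realms] entry keyed by host name instead of the upper-case realm, and comment lines with whitespace before the "#"), as an added example that is not part of any poster's message or of MIT Kerberos. The function name, finding codes and example.com hosts are assumptions, and the one-line { ... } form is read leniently rather than by reproducing the library's parser.

```python
import re

# Constructed inputs modelled on the configs posted in the threads
# (the example.com hosts are placeholders).
SWAPPED = """[libdefaults]
default_realm=MYCOMPANY.LOCAL
[realms]
nkk-1gje43lrh5h.mycompany.local={kdc=mycompany.local}
"""
INDENTED_COMMENT = """[realms]
 IPA.EXAMPLE.COM = {
  kdc = ipa01.example.com:88
  # comment with leading whitespace
 }
"""

def lint_krb5_conf(text):
    """Return sorted (line_no, code) findings; line 0 means whole-file."""
    findings, section, depth = [], None, 0
    default_realm, realms = None, {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line[0] in "#;":
            # Per the second thread, 1.4.3 wants the "#" in column one.
            if raw[0].isspace():
                findings.append((no, "indented-comment"))
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, depth = header.group(1), 0
        elif line == "}":
            depth -= 1
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            # Top-level keys under [realms] are realm names, not hosts.
            if section == "realms" and depth == 0 and value.startswith("{"):
                realms[key] = no
            if value.startswith("{") and "}" not in value:
                depth += 1
    for name, no in realms.items():
        if name != name.upper():
            findings.append((no, "realm-not-uppercase"))
    if default_realm and realms and default_realm not in realms:
        findings.append((0, "default-realm-has-no-realms-entry"))
    return sorted(findings)
```
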
