And here is the log output from KDS:
Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.10.126: SERVER_NOT_FOUND: host/monitor.benchmark@benchmark.com for kadmin/kerberos.benchmark@benchmark.com, Server not found in Kerberos database
Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 192.168.10.126: ISSUE: authtime 1387435788, etypes {rep=18 tkt=18 ses=18}, host/monitor.benchmark@benchmark.com for kadmin/ad...@benchmark.com
On Thu, Dec 19, 2013 at 2:57 PM, ch huang justlo...@gmail.com wrote:
Hi, mail list:
I did the following, but it does not seem to work.
# yum install krb5-workstation
Copy krb5.conf from the KDS host.
And here is my krb5.conf content:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
BENCHMARK.COM = {
  kdc = kerberos.benchmark.com:88
  admin_server = kerberos.benchmark.com:749
  default_domain = benchmark.com
}
[domain_realm]
.benchmark.com = BENCHMARK.COM
benchmark.com = BENCHMARK.COM
[appdefaults]
pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}
Also, the client can find KDS:
# nslookup 192.168.10.124
Server: 192.168.10.124
Address:192.168.10.124#53
124.10.168.192.in-addr.arpa name = kerberos.benchmark.com.
# ping kerberos.benchmark.com
PING kerberos.benchmark.com (192.168.10.124) 56(84) bytes of data.
64 bytes from CH124 (192.168.10.124): icmp_seq=1 ttl=64 time=0.109 ms
64 bytes from CH124 (192.168.10.124): icmp_seq=2 ttl=64 time=0.166 ms
When I do this from the client, it does not work:
# kadmin -r BENCHMARK.COM -p host/monitor.benchmark@benchmark.com -w root -q ktadd -k /etc/krb5.keytab host/monitor.benchmark@benchmark.com
Authenticating as principal host/monitor.benchmark@benchmark.com with password.
kadmin: Incorrect password while initializing kadmin interface
But I can do it on KDS with the same password. I do not know why. Can anyone help?
# kadmin -r BENCHMARK.COM
Authenticating as principal root/ad...@benchmark.com with password.
Password for root/ad...@benchmark.com:
kadmin:
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos