Testing + Kerberos
Hi!
I have a problem I haven't been able to resolve for a few days. I installed
Debian Testing, and on it MIT Kerberos:
ii krb5-admin-ser 1.3.3-2 Mit Kerberos master server (kadmind)
ii krb5-config 1.6 Configuration files for Kerberos Version 5
ii krb5-doc 1.3.3-2 Documentation for krb5
ii krb5-kdc 1.3.3-2 Mit Kerberos key server (KDC)
cat /etc/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 750,88
[realms]
TESTAI = {
database_name = /var/lib/krb5kdc/testai
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
default_principal_flags = +preauth
}
cat /etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = TESTAI
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
TESTAI = {
kdc = myhost.mydomain:88
admin_server = myhost.mydomain:750
default_domain = aitia
}
[domain_realm]
mydomain = TESTAI
.mydomain = TESTAI
[logging]
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmin.log
default = FILE:/var/log/kerberos/krb5lib.log
[login]
krb4_convert = false
krb4_get_tickets = false
Then I create the database:
kdb5_util create -r TESTAI -s
echo "*/admin@TESTAI *" > /etc/krb5kdc/kadm5.acl
With kadmin.local I create:
addprinc root/admin admin/admin
ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
addprinc -randkey host/myhost.mydomain@TESTAI
ktadd -k /etc/krb5.keytab host/myhost.mydomain@TESTAI
Then I want to start the krb5-kdc and krb5-admin-server init scripts; the
KDC looks like it starts:
lsof -i
krb5kdc 2000 root 7u IPv4 3255 UDP myhost.mydomain:kerberos
krb5kdc 2000 root 8u IPv4 3256 UDP myhost.mydomain:kerberos4
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
When I want to start the krb5-admin-server init script, nothing happens, and
nothing appears in the log file.
kadmin -r TESTAI gives me this:
Authenticating as principal root/admin@TESTAI with password.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
What could be the problem? Can anybody help me?
Best regards
bzg
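
An added example, not part of the original post: a Python check that compares the ports a client is pointed at in /etc/krb5.conf with the ports the server side is configured for in /etc/krb5kdc/kdc.conf, run over the relevant lines of the two files quoted above (embedded as constructed input). The function names and the fallback ports 749 and 88 are assumptions of this example.

```python
# Constructed input: the relevant lines of the two files quoted in the post.
KRB5_CONF = """[realms]
TESTAI = {
kdc = myhost.mydomain:88
admin_server = myhost.mydomain:750
}"""
KDC_CONF = """[realms]
TESTAI = {
kdc_ports = 750,88
kadmind_port = 749
}"""

def realm_settings(text, realm):
    """Collect {key: [values]} from one realm's block under [realms]."""
    settings, section, inside = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section, inside = line.strip("[]").lower(), False
        elif section == "realms" and line.endswith("{"):
            inside = line.split("=", 1)[0].strip() == realm
        elif line == "}":
            inside = False
        elif inside and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings.setdefault(key, []).append(value)
    return settings

def port_of(hostport, default):  # port from "host:port", else the default
    host, _, port = hostport.rpartition(":")
    return int(port) if host and port.isdigit() else default

def check_ports(krb5_conf, kdc_conf, realm):
    """Return mismatches between client-side and server-side port settings."""
    client, server = realm_settings(krb5_conf, realm), realm_settings(kdc_conf, realm)
    # Fallback ports 749 and 88 are assumptions used when a setting is absent.
    kadmind = int(server.get("kadmind_port", ["749"])[0])
    kdc_ports = {int(p) for v in server.get("kdc_ports", ["88"])
                 for p in v.replace(",", " ").split()}
    findings = []
    for value in client.get("admin_server", []):
        port = port_of(value, 749)
        if port != kadmind:
            findings.append(f"admin_server {value}: port {port}, but kadmind_port = {kadmind}")
        if port in kdc_ports:
            findings.append(f"admin_server {value}: port {port} is also listed in kdc_ports")
    return findings
```

Calling check_ports(KRB5_CONF, KDC_CONF, "TESTAI") returns two findings for the quoted settings; it reports configuration inconsistencies only and does not test whether either daemon is reachable.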