
Testing + Kerberos



Hi!

  I have a problem I haven't been able to resolve for a few days. I installed
Debian Testing, and on it MIT Kerberos:

ii  krb5-admin-ser 1.3.3-2        Mit Kerberos master server (kadmind)
ii  krb5-config    1.6            Configuration files for Kerberos Version 5
ii  krb5-doc       1.3.3-2        Documentation for krb5
ii  krb5-kdc       1.3.3-2        Mit Kerberos key server (KDC)

cat /etc/krb5kdc/kdc.conf

# KDC-side settings (kdc.conf as pasted in this message).
[kdcdefaults]
# 88 is the Kerberos 5 port; 750 is the legacy Kerberos 4 port (the lsof output in
# this message labels it "kerberos4"). Drop 750 if no Kerberos 4 clients remain.
        kdc_ports = 750,88

[realms]
TESTAI = {
                database_name = /var/lib/krb5kdc/testai
                admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
# Controls who may administer the realm through kadmind; review its contents.
                acl_file = /etc/krb5kdc/kadm5.acl
# The stash file holds the database master key; keep it readable by root only.
                key_stash_file = /etc/krb5kdc/stash
                kdc_ports = 750,88
# NOTE(review): kadmind is set to 749 here, but the krb5.conf in this message
# points admin_server at port 750 - confirm the two agree.
                kadmind_port = 749
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
                master_key_type = des3-hmac-sha1
# The des-cbc-crc and des:* entries are single-DES and are weak against brute force;
# keep them only if Kerberos 4 / AFS compatibility is required, and prefer stronger
# enctypes where the installed release offers them (TODO confirm for 1.3.3).
# NOTE(review): the list looks wrapped by the mail client; presumably it is a single
# line in the real file - verify.
                supported_enctypes = des3-hmac-sha1:normal
des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
# +preauth makes new principals require pre-authentication, which limits offline
# password guessing against KDC replies.
                default_principal_flags = +preauth
        }


cat /etc/krb5.conf

# Client/library settings (krb5.conf as pasted in this message).
[libdefaults]
# NOTE(review): a bare number is presumably read as seconds (10 minutes) - confirm
# this short lifetime is intended.
        ticket_lifetime         = 600
        default_realm           = TESTAI
# des-cbc-crc and des-cbc-md5 are single-DES enctypes and are weak against brute
# force; list them only if legacy clients or services still need them.
        default_tkt_enctypes    = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes    = des3-hmac-sha1 des-cbc-crc
        permitted_enctypes      = des3-hmac-sha1 des-cbc-crc des-cbc-md5
        kdc_timesync            = 1
        ccache_type             = 4
# Tickets are requested forwardable and proxiable by default; turn off whichever
# the site does not need, since both let credentials be used from other hosts.
        forwardable             = true
        proxiable               = true

[realms]
TESTAI = {
        kdc                     = myhost.mydomain:88
# NOTE(review): 750 is one of the kdc_ports in the kdc.conf shown in this message,
# while kadmind_port there is 749 - confirm admin_server names the port kadmind
# actually listens on.
        admin_server            = myhost.mydomain:750
        default_domain          = aitia
}

[domain_realm]
        mydomain                   = TESTAI
        .mydomain                  = TESTAI

[logging]
# NOTE(review): confirm /var/log/kerberos exists and is writable by the daemons;
# the message reports that nothing shows up in the log.
        kdc                     = FILE:/var/log/kerberos/krb5kdc.log
        admin_server            = FILE:/var/log/kerberos/kadmin.log
        default                 = FILE:/var/log/kerberos/krb5lib.log

[login]
# Both Kerberos 4 login options are set to false.
        krb4_convert            = false
        krb4_get_tickets        = false


then I create the database

# Create the realm database; -s also writes the master key to a stash file
# (key_stash_file in the kdc.conf above), so that file should be readable by root only.
kdb5_util create -r TESTAI -s

# Grants every kadmin privilege to any principal with an /admin instance in TESTAI;
# narrow the pattern or the permission list if not all admins need full rights.
echo "*/admin@TESTAI   *" > /etc/krb5kdc/kadm5.acl

with kadmin.local I create:

addprinc root/admin admin/admin
ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
addprinc -randkey host/myhost.mydomain@TESTAI
ktadd -k /etc/krb5.keytab host/myhost.mydomain@TESTAI

Then I try to start the krb5-kdc and krb5-admin-server init scripts; the
KDC appears to start:

lsof -i
krb5kdc  2000        root    7u  IPv4   3255       UDP
myhost.mydomain:kerberos
krb5kdc  2000        root    8u  IPv4   3256       UDP
myhost.mydomain:kerberos4

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

When I try to start the krb5-admin-server init script, nothing happens, and
nothing appears in the log file.

Running kadmin -r TESTAI gives me this:

Authenticating as principal root/admin@TESTAI with password.
kadmin: Cannot contact any KDC for requested realm while initializing
kadmin interface


What could be the problem? Can anybody help me?

  Best regards
bzg


