Error messages
Rick van Rein (OpenFortress)
rick at openfortress.nl
Fri Oct 11 15:17:49 EDT 2013
Hi,
I've been trying to setup Kerberos on LDAP for several days now, on and off, and I have to say I'm a bit disappointment by the quality of the error messages, and what online searching for them yields. I find myself reading source code to see where errors come from. In the hope that it is useful, here are a few examples:
> Oct 11 06:46:54 krbmaxi kadmind[1798](Error): Required parameters in kdc.conf missing while initializing, aborting
It would be useful to know what it is missing. I did follow instructions, adapted to situation & taste, so rereading those is hardly helpful.
> kdb5_ldap_util: Bad encryption type while transforming master key from password
Apperantly not all enctypes can function as master key, notably aes256-cts:normal cannot. This can lead to conformistic use of 3DES, which may actually be the default for backward compatibility on existing systems? but not offer the best choice here. It would therefore be helpful to know which values would be welcomed, for instance in a dump option.
I hope this is useful feedback. I continually find that Kerberos is difficult to get into, but I love the technology underneath!
Cheers,
-Rick
More information about the Kerberos
mailing list