I'm also using Kerberos with RH... I don't see your hosts in your principal
list... You should add the host, with a random key and store it in
/etc/krb5.keytab for every host that's in the realm, including the KDC.
That could be the cause of your problem... I'm not sure though I'm also
not using DNS.

- Jin

On Wed, 12 Nov 2003 20:54:52 -0700
muzaffar.sultan@telvent.abengoa.com wrote:

> Hi All,
>
> This is my first email to clug. I hope there's kerberos expert on this
> list.
> I've been battling with kerberos issues for couple of days.
>
> I've installed latest kerberos on RH advance server according to
> documentation.
> Everything seems ok but kerberos client apps like kinit are not working.
>
> I could run kadmin.local. All important principals are created as well.
>
> I logged in as root on the same machine where master kdc is running. I've
> setup DNS as well but no success.
>
> I noticed one thing: I did not create principal for root@RTDLINUX.COM.
> When I ran kinit, this is the message I got in krb4kdc.log file:
>
> Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes {18 16 23 1 3 2}) 128.1.1.70: CLIENT_NOT_FOUND: root@RTDLINUX.COM for krbtgt/RTDLINUX.COM@RTDLINUX.COM, Client not found in Kerberos database
> Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated (retransmitted?) request from 128.1.1.70, resending previous response
>
> When I created this principal, krb5kdc dies silently (no message in log).
> It seems like kinit is communicating with kdc but somehow krb5kdc process
> crashes.
>
> when I run kinit.
> kinit complains with this error:
> kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
>
> Here's my krb5.conf file:
> [root@kerberos krb5kdc]# more /etc/krb5.conf
> [logging]
>   default = FILE:/var/log/krb5libs.log
>   kdc = FILE:/var/log/krb5kdc.log
>   admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>   ticket_lifetime = 24000
>   default_realm = RTDLINUX.COM
>   dns_lookup_realm = false
>   dns_lookup_kdc = false
>
> [realms]
>   RTDLINUX.COM = {
>     kdc = kerberos.rtdlinux.com:88
>     admin_server = kerberos.rtdlinux.com:749
>     default_domain = rtdlinux.com
>   }
>
> [domain_realm]
>   .rtdlinux.com = RTDLINUX.COM
>   rtdlinux.com = RTDLINUX.COM
>
> [kdc]
>   profile = /usr/local/var/krb5kdc/kdc.conf
>
> [pam]
>   debug = false
>   ticket_lifetime = 36000
>   renew_lifetime = 36000
>   forwardable = true
>   krb4_convert = false
>
> Here's kdc.conf file contents:
> [root@kerberos krb5kdc]# more /usr/local/var/krb5kdc/kdc.conf
> [kdcdefaults]
>   kdc_ports = 88,750
>
> [realms]
>   RTDLINUX.COM = {
>     database_name = /usr/local/var/krb5kdc/principal
>     admin_keytab = /etc/krb5.keytab
>     acl_file = /usr/local/var/krb5kdc/kadm5.acl
>     key_stash_file = /usr/local/var/krb5kdc/.k5.RTDLINUX.COM
>     kadmin_port = 749
>     kdc_ports = 88,750
>     max_life = 10h 0m 0s
>     max_renewable_life = 7d 0h 0m 0s
>     master_key_type = des3-hmac-sha1
>     supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
>   }
>
> These are the principals:
> K/M@RTDLINUX.COM
> kadmin/admin@RTDLINUX.COM
> kadmin/changepw@RTDLINUX.COM
> kadmin/history@RTDLINUX.COM
> krbtgt/RTDLINUX.COM@RTDLINUX.COM
> muzaffar/admin@RTDLINUX.COM
> root@RTDLINUX.COM
>
> Please help me if anybody has any clue.
>
> Thanks in advance.
> _________________________________________________________
> Muzaffar Sultan--Telvent
> muzaffar.sultan@telvent.abengoa.com
> Ph: (403)-301-5020
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
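
Added example, not part of either message above: a small Python check for the gap the reply points at, listing every host named as kdc or admin_server in krb5.conf that has no host/<fqdn>@REALM principal in the database listing. The sample input is constructed from the configuration and principal list quoted in the thread; the function names are hypothetical, and the host/<fqdn>@REALM form is the usual host-principal naming convention, assumed here.

```python
# Constructed sample input, copied from the krb5.conf and principal list
# quoted in the thread (not read from a live KDC).
KRB5_CONF = """\
[libdefaults]
 default_realm = RTDLINUX.COM
[realms]
 RTDLINUX.COM = {
  kdc = kerberos.rtdlinux.com:88
  admin_server = kerberos.rtdlinux.com:749
  default_domain = rtdlinux.com
 }
"""
PRINCIPALS = """\
K/M@RTDLINUX.COM
kadmin/admin@RTDLINUX.COM
kadmin/changepw@RTDLINUX.COM
kadmin/history@RTDLINUX.COM
krbtgt/RTDLINUX.COM@RTDLINUX.COM
muzaffar/admin@RTDLINUX.COM
root@RTDLINUX.COM
"""

def realm_hosts(conf_text):
    """Map each realm under [realms] to the hosts on its kdc/admin_server lines."""
    hosts, section, realm = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("["):                 # new section header
            section, realm = line.strip("[]"), None
        elif section == "realms" and line.endswith("{"):
            realm = line.split("=", 1)[0].strip()
            hosts[realm] = set()
        elif line == "}":                        # end of a realm block
            realm = None
        elif realm and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key in ("kdc", "admin_server"):
                hosts[realm].add(value.rsplit(":", 1)[0].lower())  # drop :port
    return hosts

def missing_host_principals(conf_text, principal_text):
    """Return the host/<fqdn>@REALM principals absent from the listing."""
    have = {p.strip() for p in principal_text.splitlines() if p.strip()}
    want = {f"host/{h}@{r}" for r, hs in realm_hosts(conf_text).items() for h in hs}
    return sorted(want - have)

if __name__ == "__main__":
    print(missing_host_principals(KRB5_CONF, PRINCIPALS))
```

On a real system the principal text would come from the output of listprincs in kadmin.local, the tool the original poster already has working.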