Getting Started with Kerberos
Srinivas Cheruku
csri at sonata-software.com
Tue Apr 23 10:48:38 EDT 2002
The realm you have created is SUB.COMPANY.COM
and your krb5.conf file does not have this realm listed in the realms
option.
Remove all the other realms from the krb5.conf and add realm SUB.COMPANY.COM
in the krb5.conf.
Also change the default realm to the SUB.COMPANY.COM
Srini
-> -----Original Message-----
-> From: x_wu at yahoo.com [mailto:x_wu at yahoo.com]
-> Sent: Monday, April 22, 2002 11:15 PM
-> To: kerberos at mit.edu
-> Subject: Getting Started with Kerberos
->
->
-> Group,
->
-> I have difficulty in getting kerberos to work on Solaris 7.
->
-> I downloaded src distribution from MIT, k5-1.2.4. It was complied and
-> installed successfully. However, after editing /etc/krb5.conf and
-> /opt/local/var/krb5kdc/kdc.conf (The default installation dir is
-> /opt/local) according to adm guide, I was unable to run kadmin, and
-> the error message is
->
-> "Authenticating as principal xwu/admin at SUB.COMPANY.COM with password.
-> kadmin: Required parameters in kdc.conf missing while initializing
-> kadmin interface"
->
-> Anybody know what's going on here?
->
-> thanks.
->
-> Sean
-> ================================================
-> /opt/local/var/krb5kdc/kdc.conf
-> ================================================
-> [kdcdefaults]
-> kdc_ports = 88,750
-> kadmind_port = 749
->
-> [realms]
-> SUB.COMPANY.COM = {
-> kadmind_port = 749
-> database_name = /opt/local/var/krb5kdc/principal
-> admin_keytab =
-> FILE:/opt/local/var/krb5kdc/kadm5.keytab
-> acl_file = /opt/local/var/krb5kdc/kadm5.acl
-> key_stash_file =
-> /opt/local/var/krb5kdc/.k5.SUB.COMPANY.COM
-> kdc_ports = 750,88
-> max_life = 10h 0m 0s
-> max_renewable_life = 7d 0h 0m 0s
-> master_key_type = des-cbc-crc
-> supported_enctypes = des-cbc-crc:normal des:normal
-> des:v4 des:nore
-> alm des:onlyrealm des:afs3
-> kdc_supported_enctypes = des-cbc-crc:normal
-> des:normal
-> des:v4 des:
-> norealm des:onlyrealm des:afs3
-> }
->
-> [logging]
-> kdc = FILE:/opt/local/var/krb5kdc/kdc.log
-> admin_server = FILE:/opt/local/var/krb5kdc/kadmin.log
->
->
-> ================================================
-> /etc/krb5.conf
-> ================================================
-> [libdefaults]
-> default_realm = NET.CAPITALONE.COM
-> default_tgs_enctypes = des-cbc-crc
-> default_tkt_enctypes = des-cbc-crc
-> krb4_config = /usr/kerberos/lib/krb.conf
-> krb4_realms = /usr/kerberos/lib/krb.realms
->
-> [realms]
-> ATHENA.MIT.EDU = {
-> kdc = KERBEROS-2.MIT.EDU:88
-> kdc = KERBEROS.MIT.EDU
-> kdc = KERBEROS-1.MIT.EDU
-> admin_server = KERBEROS.MIT.EDU
-> default_domain = MIT.EDU
-> v4_instance_convert = {
-> mit = mit.edu
-> lithium = lithium.lcs.mit.edu
-> }
-> }
-> CYGNUS.COM = {
-> kdc = KERBEROS.CYGNUS.COM
-> kdc = KERBEROS-1.CYGNUS.COM
-> admin_server = KERBEROS.MIT.EDU
-> }
-> GNU.ORG = {
-> kdc = kerberos.gnu.org
-> kdc = kerberos-2.gnu.org
-> admin_server = kerberos.gnu.org
-> }
->
-> [domain_realm]
-> .mit.edu = ATHENA.MIT.EDU
-> mit.edu = ATHENA.MIT.EDU
-> .media.mit.edu = MEDIA-LAB.MIT.EDU
-> media.mit.edu = MEDIA-LAB.MIT.EDU
-> .ucsc.edu = CATS.UCSC.EDU
->
-> [logging]
-> kdc = FILE:/var/log/krb5kdc.log
-> admin_server = FILE:/var/log/kadmin.log
-> default = FILE:/var/log/krb5lib.log
-> ________________________________________________
-> Kerberos mailing list Kerberos at mit.edu
-> http://mailman.mit.edu/mailman/listinfo/kerberos
->
*********************************************************************
Disclaimer: The information in this e-mail and any attachments is
confidential / privileged. It is intended solely for the addressee or
addressees. If you are not the addressee indicated in this message, you may
not copy or deliver this message to anyone. In such case, you should destroy
this message and kindly notify the sender by reply email. Please advise
immediately if you or your employer does not consent to Internet email for
messages of this kind.
*********************************************************************
More information about the Kerberos
mailing list