some Kerberos V problems on my Linux
koko koko
wbyte at programmer.net
Wed Apr 9 11:19:20 EDT 2003
* Hello, I have some problems with Kerberos V on my SuSE/x86 8.0.
* I think you could help me.
wbyte:~ # ps x | grep krb
1818 ? S 0:00 /usr/local/sbin/krb524d -m
1820 ? S 0:00 /usr/local/sbin/krb5kdc
wbyte:~#ps x | grep kadmind
1816 ? S 0:00 kadmind
* The daemons work fine.
wbyte:#su wbyte
wbyte at wbyte:/root>cd;kinit
Password for wbyte at realm.wbyte.com:
wbyte at wbyte:~>kinit -f -l 9h
Password for wbyte at realm.wbyte.com:
wbyte at wbyte:~>telnet localhost
Connected to localhost (127.0.0.1).
Escape character is '^]'.
wbyte (Linux release 2.4.18-4GB #1 Wed Mar 27 13:57:05 UTC 2002) (2)
login:wbyte
Password for wbyte:
Last login: Wed Apr 2 14:58:06 from wbyte.com
Welcome to kerberos.wbyte.com
* It seems that I can use my principal password for telnet, but when I tried the -f -x
-a options:
wbyte at wbyte:~>telnet -f -x -a wbyte.com
Trying 192.168.0.1...
Connected to wbyte.com (192.168.0.1).
Escape character is '^]'.
Waiting for encryption to be negotiated...
Authentication negotation has failed, which is required for
encryption. Good bye.
wbyte at wbyte:~>
* I think this problem comes from the fact that I don't have a ticket cached:
wbyte at wbyte:~> klist -f
Ticket cache: FILE:/tmp/krb5cc_p2069
Default principal: wbyte at realm.wbyte.com
Valid starting Expires Service principal
04/02/03 15:05:04 04/03/03 01:05:04 krbtgt/realm.wbyte.com at realm.wbyte.com
Flags: I
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
* I followed all instructions in the krb5 documentation.
* I have problems with ftp too:
wbyte at wbyte:~> ftp wbyte.com 1236
Connected to wbyte.com.
220 wbyte FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: Server not found in Kerberos database
GSSAPI error: initializing context
GSSAPI authentication failed
334 Using authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (wbyte.com:wbyte):wbyte
530 Must perform authentication before identifying USER.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
* These telnet and ftp clients are from the Kerberos bin/ directory, but
* with the normal ftp and telnet clients I received the same errors.
* Maybe I have some errors in my conf files?
==========================krb5.conf============================
[libdefaults]
default_realm = realm.wbyte.com
clockskew = 300
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
realm.wbyte.com = {
kdc = kerberos.wbyte.com
v4_instance_convert = {
kerberos = kerberos.wbyte.com
computer = kerberos.wbyte.com
}
}
[domain_realm]
.wbyte.com = realm.wbyte.com
=======================================================================
$cd /usr/local/var/krb5kdc;ls -a;cat kdc.conf
. kadmind.key principal.kadm5.lock wbyte2.kadm5.lock
.. kdc.conf principal.ok wbyte2.ok
.k5.realm.wbyte.com principal wbyte2
kadm5.keytab principal.kadm5 wbyte2.kadm5
[kdcdefaults]
kdc_ports = 750,88
[realms]
realm.wbyte.com = {
kdc = kerberos.wbyte.com
v4_instance_convert = {
kerberos = kerberos.wbyte.com
computer = kerberos.wbyte.com
}
}
[domain_realm]
.wbyte.com = realm.wbyte.com
=======================================================================
$cd /usr/local/var/krb5kdc;ls -a;cat kdc.conf
. kadmind.key principal.kadm5.lock wbyte2.kadm5.lock
.. kdc.conf principal.ok wbyte2.ok
.k5.realm.wbyte.com principal wbyte2
kadm5.keytab principal.kadm5 wbyte2.kadm5
[kdcdefaults]
kdc_ports = 750,88
[realms]
realm.wbyte.com = {
database_name = /usr/local/var/krb5kdc/principal
admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
key_stash_file = /usr/local/var/krb5kdc/.k5.realm.wbyte.com
kadmin_port= 749
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm
des:onlyrealm des:afs3
}
* This is very strange too:
$./kadmin
Authenticating as principal root/admin at realm.wbyte.com with password.
kadmin: Required parameters in kdc.conf missing while initializing kadmin interface
$./kadmin.local
Authenticating as principal wbyte/admin at realm.wbyte.com with password.
kadmin.local: Permission denied while initializing kadmin.local interface
$su root
Password:
wbyte:/usr/local/sbin #./kadmin
Authenticating as principal wbyte/admin at realm.wbyte.com with password.
kadmin: Required parameters in kdc.conf missing while initializing kadmin interface
wbyte:/usr/local/sbin # ./kadmin.local
Authenticating as principal wbyte/admin at realm.wbyte.com with password.
kadmin.local:
* Sorry for my poor English, my low experience with Kerberos, and possibly for my stupid
mistakes in configuring and running it.
* Thanks
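The ftp failure above reports "Server not found in Kerberos database", which means the KDC has no entry for the service principal the client derived from krb5.conf. The following is an added example, not code from the post or from MIT Kerberos: it parses the krb5.conf profile syntax shown above (sections and nested braces) and derives that principal name for a given service and host, so an admin can compare it against what kadmin lists. The [domain_realm] walk (exact host, then each enclosing domain with a leading dot) follows the krb5.conf documentation; the fallback to default_realm when nothing matches is an assumption of this example, and the sample configuration is a constructed copy of the post's realm settings.

```python
"""Parse krb5.conf profile syntax and derive the service principal a client asks the KDC for."""
import re
SECTION_RE = re.compile(r"^\[(\w+)\]$")

# Constructed sample: the realm wiring from the krb5.conf quoted in the post.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = realm.wbyte.com
[realms]
    realm.wbyte.com = {
        kdc = kerberos.wbyte.com
    }
[domain_realm]
    .wbyte.com = realm.wbyte.com
"""

def parse_profile(text):
    """Return {section: {key: value or nested dict}} for krb5 profile syntax."""
    profile, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                     # a new [section] resets nesting
            stack = [profile.setdefault(m.group(1), {})]
        elif line == "}":                         # close the innermost block
            stack.pop()
        elif not stack:
            raise ValueError("key outside any [section]: " + line)
        else:
            key, _, value = (p.strip() for p in line.partition("="))
            if value == "{":                      # open a nested block
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = value
    return profile

def realm_for_host(profile, host):
    """[domain_realm] lookup: the exact host first, then each enclosing domain
    with a leading dot; falls back to default_realm (an assumption made here)."""
    mapping = profile.get("domain_realm", {})
    labels = host.lower().rstrip(".").split(".")
    candidates = [".".join(labels)] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((mapping[c] for c in candidates if c in mapping),
                profile.get("libdefaults", {}).get("default_realm"))

def service_principal(profile, service, host):
    """The name the KDC database must hold for this server, e.g. ftp/wbyte.com@REALM."""
    return f"{service}/{host.lower()}@{realm_for_host(profile, host)}"
```

For the ftp session in the post this yields ftp/wbyte.com@realm.wbyte.com; if `kadmin.local -q listprincs` on the KDC does not show that principal (or the host/ one telnet uses), the "Server not found" error is explained without looking further at the client.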