Linux client setup error
Tillman
tillman at seekingfire.com
Fri Aug 15 15:23:25 EDT 2003
On Fri, Aug 15, 2003 at 11:11:14AM -0600, CJ Keist wrote:
> Okay, didn't get very far. So far my Solaris 9 box are happy with my
> Solaris 9 KDC server. But now my Linux RH9 clients don't want to talk
> to my KDC server. After copying over the krb5.conf file and running
> the kadmin -p admin/admin command it prompts me for the password and
> then gives me the error:
>
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
>
> Anyone have any help here?
As Wyllys mentioned, one incompatibility is that kadmin is not a
standardized protocol. You can't use an MIT kadmin against SEAM KDC (or
a Heimdal kadmin against an MIT KDC or any other combination).
You either need to use the SEAM kadmin on your RedHat computers (and I
have no idea if that's even possible) or you need to work around not
being able to use kadmin on the RedHat computers. Often, you can simply
`telnet -x` or `ssh` to the KDC and use `kadmin -l`/`kadmin.local`
(depending on your KDC flavour). Extracting and securely copying keytabs
is almost as easy.
To recap, Kerberos the authentication protocol is standardized and
interoperable. kadmin the management protocol isn't.
-T
--
To keep from dying is not the same as "to live."
- Bene Gesserit Saying
More information about the Kerberos
mailing list