Linux client setup error
tillman at seekingfire.com
Fri Aug 15 15:23:25 EDT 2003
On Fri, Aug 15, 2003 at 11:11:14AM -0600, CJ Keist wrote:
> Okay, didn't get very far. So far my Solaris 9 box are happy with my
> Solaris 9 KDC server. But now my Linux RH9 clients don't want to talk
> to my KDC server. After copying over the krb5.conf file and running
> the kadmin -p admin/admin command it prompts me for the password and
> then gives me the error:
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> Anyone have any help here?
As Wyllys mentioned, one incompatibility is that kadmin is not a
standardized protocol. You can't use an MIT kadmin against SEAM KDC (or
a Heimdal kadmin against an MIT KDC or any other combination).
You either need to use the SEAM kadmin on your RedHat computers (and I
have no idea if that's even possible) or you need to work around not
being able to use kadmin on the RedHat computers. Often, you can simply
`telnet -x` or `ssh` to the KDC and use `kadmin -l`/`kadmin.local`
(depending on your KDC flavour). Extracting and securely copying keytabs
is almost as easy.
To recap, Kerberos the authentication protocol is standardized and
interoperable. kadmin the management protocol isn't.
To keep from dying is not the same as "to live."
- Bene Gesserit Saying
More information about the Kerberos