Linux client setup error

Tillman tillman at
Fri Aug 15 15:23:25 EDT 2003

On Fri, Aug 15, 2003 at 11:11:14AM -0600, CJ Keist wrote:
> Okay, didn't get very far.  So far my Solaris 9 box are happy with my  
> Solaris 9 KDC server.  But now my Linux RH9 clients don't want to talk  
> to my KDC server.  After copying over the krb5.conf file and running  
> the kadmin -p admin/admin command it prompts me for the password and  
> then gives me the error:
> kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
> Anyone have any help here?

As Wyllys mentioned, one incompatibility is that kadmin is not a
standardized protocol. You can't use an MIT kadmin against SEAM KDC (or
a Heimdal kadmin against an MIT KDC or any other combination).

You either need to use the SEAM kadmin on your RedHat computers (and I
have no idea if that's even possible) or you need to work around not
being able to use kadmin on the RedHat computers. Often, you can simply
`telnet -x` or `ssh` to the KDC and use `kadmin -l`/`kadmin.local`
(depending on your KDC flavour). Extracting and securely copying keytabs
is almost as easy.

To recap, Kerberos the authentication protocol is standardized and
interoperable. kadmin the management protocol isn't.


To keep from dying is not the same as "to live."
	- Bene Gesserit Saying

More information about the Kerberos mailing list