kinit(v5): Cannot contact any KDC for requested......
muzaffar.sultan@telvent.abengoa.com
Thu Nov 13 12:00:54 EST 2003
Thanks Jin for the tip.
I tried that as well and it did not work.
I've stopped using DNS to troubleshoot the problem.
Here's the principals list:
[root@kerberos sample]# /usr/local/sbin/kadmin.local
Authenticating as principal muzaffar/admin@RTDLINUX.COM with password.
kadmin.local: listprincs
K/M@RTDLINUX.COM
host/kerberos.rtdlinux.com@RTDLINUX.COM
kadmin/admin@RTDLINUX.COM
kadmin/changepw@RTDLINUX.COM
kadmin/history@RTDLINUX.COM
krbtgt/RTDLINUX.COM@RTDLINUX.COM
muzaffar/admin@RTDLINUX.COM
root@RTDLINUX.COM
sample/kerberos.rtdlinux.com@RTDLINUX.COM
Here's the output from the keytab file:
[root@kerberos sample]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   4 kadmin/admin@RTDLINUX.COM
   4 kadmin/admin@RTDLINUX.COM
   4 kadmin/changepw@RTDLINUX.COM
   4 kadmin/changepw@RTDLINUX.COM
   2 host/kerberos.rtdlinux.com@RTDLINUX.COM
   2 host/kerberos.rtdlinux.com@RTDLINUX.COM
_________________________________________________________
Muzaffar Sultan--Telvent
muzaffar.sultan at telvent.abengoa.com
Ph: (403)-301-5020
xiongj at rpi.edu
11/13/2003 09:36 AM
Please respond to xiongj

To: muzaffar.sultan at telvent.abengoa.com
cc: Kerberos at mit.edu
Subject: Re: kinit(v5): Cannot contact any KDC for requested......

I'm also using Kerberos with RH...
I don't see your hosts in your principal list...
You should add the host, with a random key and store it in /etc/krb5.keytab
for every host that's in the realm, including the KDC.
That could be the cause of your problem...
I'm not sure though I'm also not using DNS.
- Jin
On Wed, 12 Nov 2003 20:54:52 -0700 muzaffar.sultan at telvent.abengoa.com
wrote:
> Hi All,
>
> This is my first email to clug. I hope there's a Kerberos expert on this
> list.
> I've been battling with Kerberos issues for a couple of days.
>
> I've installed the latest Kerberos on RH Advanced Server according to the
> documentation.
> Everything seems OK, but Kerberos client apps like kinit are not working.
>
> I could run kadmin.local. All important principals are created as well.
>
> I logged in as root on the same machine where the master KDC is running. I've
> set up DNS as well, but no success.
>
> I noticed one thing: I did not create a principal for root@RTDLINUX.COM.
> When I ran kinit, this is the message I got in krb4kdc.log file:
>
> Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes {18 16 23 1 3 2}) 128.1.1.70: CLIENT_NOT_FOUND: root@RTDLINUX.COM for krbtgt/RTDLINUX.COM@RTDLINUX.COM, Client not found in Kerberos database
> Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated (retransmitted?) request from 128.1.1.70, resending previous response
>
> When I created this principal, krb5kdc dies silently (no message in log).
> It seems like kinit is communicating with kdc but somehow krb5kdc process
> crashes.
>
> When I run kinit, kinit complains with this error:
> kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
>
> Here's my krb5.conf file:
> [root@kerberos krb5kdc]# more /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = RTDLINUX.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> RTDLINUX.COM = {
> kdc = kerberos.rtdlinux.com:88
> admin_server = kerberos.rtdlinux.com:749
> default_domain = rtdlinux.com
> }
>
> [domain_realm]
> .rtdlinux.com = RTDLINUX.COM
> rtdlinux.com = RTDLINUX.COM
>
>
> [kdc]
> profile = /usr/local/var/krb5kdc/kdc.conf
>
> [pam]
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
>
> Here's kdc.conf file contents:
> [root@kerberos krb5kdc]# more /usr/local/var/krb5kdc/kdc.conf
> [kdcdefaults]
> kdc_ports = 88,750
>
> [realms]
> RTDLINUX.COM = {
> database_name = /usr/local/var/krb5kdc/principal
> admin_keytab = /etc/krb5.keytab
> acl_file = /usr/local/var/krb5kdc/kadm5.acl
> key_stash_file = /usr/local/var/krb5kdc/.k5.RTDLINUX.COM
> kadmin_port = 749
> kdc_ports = 88,750
> max_life = 10h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> master_key_type = des3-hmac-sha1
> supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
> }
>
> These are the principals:
> K/M@RTDLINUX.COM
> kadmin/admin@RTDLINUX.COM
> kadmin/changepw@RTDLINUX.COM
> kadmin/history@RTDLINUX.COM
> krbtgt/RTDLINUX.COM@RTDLINUX.COM
> muzaffar/admin@RTDLINUX.COM
> root@RTDLINUX.COM
>
> Please help me if anybody has any clue.
>
> Thanks in advance.
> _________________________________________________________
> Muzaffar Sultan--Telvent
> muzaffar.sultan at telvent.abengoa.com
> Ph: (403)-301-5020
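
An added example, not part of the thread and not MIT krb5 code: a small triage script for the krb5kdc log lines quoted above. It extracts the requested etypes, source address, status and principals from each AS_REQ line, counts failures and retransmissions, and shows which requested etypes also appear in the posted supported_enctypes. The function names and the embedded sample are this example's own.

```python
import re
from collections import Counter

# Encryption type numbers from RFC 3961, RFC 3962 and RFC 4757.
ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
ALIASES = {"des3-hmac-sha1": "des3-cbc-sha1"}  # MIT krb5 alias for etype 16

# The optional group skips "authtime ..., etypes {...}, " that success lines carry.
AS_REQ = re.compile(
    r"AS_REQ \(\d+ etypes \{(?P<etypes>[\d ]+)\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): (?:.*?, )?(?P<client>\S+) for (?P<server>[^,\s]+)")
RETRANSMIT = re.compile(r"DISPATCH: repeated \(retransmitted\?\) request from ([^,\s]+)")

# Constructed sample: the two log lines quoted in the thread, re-joined, "@" restored.
SAMPLE_LOG = (
    "Nov 11 15:06:01 kerberos krb5kdc[26446](info): AS_REQ (6 etypes {18 16 23 1 3 2}) "
    "128.1.1.70: CLIENT_NOT_FOUND: root@RTDLINUX.COM for krbtgt/RTDLINUX.COM@RTDLINUX.COM, "
    "Client not found in Kerberos database\n"
    "Nov 11 15:06:01 kerberos krb5kdc[26446](info): DISPATCH: repeated (retransmitted?) "
    "request from 128.1.1.70, resending previous response\n")
SAMPLE_SUPPORTED = "des3-hmac-sha1:normal des-cbc-crc:normal"  # from the posted kdc.conf

def parse_as_reqs(log_text):
    """Return one dict per AS_REQ line; other lines (e.g. DISPATCH) are skipped."""
    records = []
    for line in log_text.splitlines():
        m = AS_REQ.search(line)
        if m:
            rec = m.groupdict()
            rec["etypes"] = [int(n) for n in rec["etypes"].split()]
            records.append(rec)
    return records

def usable_etypes(requested, supported_enctypes):
    """Requested etypes, in client order, that supported_enctypes also lists."""
    names = {e.split(":")[0] for e in supported_enctypes.split()}
    names = {ALIASES.get(n, n) for n in names}
    return [n for n in requested if ETYPES.get(n) in names]

def failures(records):
    """Count failed AS_REQs per (source address, client, status); ISSUE is success."""
    return Counter((r["addr"], r["client"], r["status"])
                   for r in records if r["status"] != "ISSUE")

def retransmit_sources(log_text):
    """Count DISPATCH 'repeated request' lines per source address."""
    return Counter(RETRANSMIT.findall(log_text))
```

On the sample, `usable_etypes` returns `[16, 1]`: of the six etypes the client offered, only des3 and des-cbc-crc match the KDC's configured list.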