Failing kerberos example client server
kishore chatterjee
kishandchat at yahoo.com
Fri Nov 21 08:43:52 EST 2003
Hi,
I am a beginner in Kerberos. I am able to do Kerberos admin operations after successful configuration of Kerberos 2.0-6 in my Alpha m/c running on VMS 7.3.
I failed while running the given examples krb_server and krb_client in their mutual authentication functions.
In krb_client the API krb5_sendauth returned
KRB_CLIENT: Server not found in Kerberos database while using sendauth
and in krb_server the error message returned was
KRB_SERVER: Unknown code 53 while receiving authorization from client
Here are more details on the setup/environment:
1] Both my client and server are running on the same m/c and the host looks like
nslookup
> xdcxc.bgo.dev.com
Server: usdin.bgo.dev.com
Address: 16.138.244.51
xdcxc.bgo.dev.com internet address = 16.123.234.138
bgo.dev.com nameserver = andes.bgo.dev.com
bgo.dev.com nameserver = halogin01.hansa.net
bgo.dev.com nameserver = usdin.bgo.dev.com
andes.bgo.dev.com internet address = 16.136.224.49
halogin01.hansa.net internet address = 16.230.18.51
usdin.bgo.dev.com internet address = 16.111.201.51
2] The Krb5.conf is
XDCXC$ type KRB5.CONF;1
[libdefaults]
default_realm = XDCXC.BGO.DEV.COM
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
XDCXC.BGO.DEV.COM = {
kdc = xdcxc.bgo.dev.com:88
admin_server = xdcxc.bgo.dev.com:749
default_domain = bgo.dev.com
}
[domain_realm]
.bgo.dev.com = XDCXC.BGO.DEV.COM
bgo.dev.com = XDCXC.BGO.DEV.COM
[logging]
kdc = FILE=krb$root:[log]krb$krb5kdc.log
admin_server = FILE=krb$root:[log]krb$kadmind.log
default = FILE=krb$root:[log]krb5lib.log
3] The kdc.conf looks like
XDCXC$ type KDC.CONF;1
[kdcdefaults]
kdc_ports = 750,88
[realms]
XDCXC.BGO.DEV.COM = {
database_name = krb$root:[krb5kdc]principal
admin_keytab = krb$root:[krb5kdc]kadm5.keytab
acl_file = krb$root:[krb5kdc]kadm5.acl
key_stash_file = krb$root:[krb5kdc_k5_XDCXC_XKO_DEC_COM
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
4] The principals are
KRB$KADMIN:listprincs
K/M at XDCXC.BGO.DEV.COM
SYSTEM/admin at XDCXC.BGO.DEV.COM
kadmin/admin at XDCXC.BGO.DEV.COM
kadmin/changepw at XDCXC.BGO.DEV.COM
kadmin/history at XDCXC.BGO.DEV.COM
krb_sample/xdcxc at XDCXC.BGO.DEV.COM
krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
5] The keytab is
KRB$KADMIN:ktlist
krb_sample/xdcxc at XDCXC.BGO.DEV.COM (kvno: 4, etype: Triple DES cbc mode with HMAC/sha1)
krb_sample/xdcxc at XDCXC.BGO.DEV.COM (kvno: 4, etype: DES cbc mode with CRC-32)
6] The klist before running the server and client in different sessions of the same m/c
XDCXC$ kinit -kt XDCXC$DKA0:[SYS0.KERBEROS.ETC]KRB5.KEYTAB "krb_sample/xdcxc"
XDCXC$ klist
Ticket cache: FILE:krb$user:[tmp]krb5cc_65540
Default principal: krb_sample/xdcxc at XDCXC.BGO.DEV.COM
Valid starting Expires Service principal
11/20/03 06:20:16 11/20/03 16:20:16 krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
Kerberos 4 ticket cache: krb$user:[tmp]k4_tkt_cache65540
KRB$KLIST: You have no tickets cached
7] It is a single KDC configuration. Both the client and server are configured on the same m/c.
8] The log files are
XDCXC$DKA0:[SYS0.KERBEROS.LOG]KRB$KADMIND.LOG;1
Nov 20 05:28:01 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](info): starting
Nov 20 05:28:26 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_init, SYSTEM/admin at XDCXC.BGO.DEV.COM, success, client=SYSTEM/admin at XDCXC.
BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.123.234.138
Nov 20 05:28:31 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principals, *, success, client=SYSTEM/admin at XDCXC.BGO.DEV.COM, servic
e=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.123.234.138
Nov 20 05:29:07 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_policy, default, Policy does not exist, client=SYSTEM/admin at XDCXC.XKO
.DEC.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.123.234.138
Nov 20 05:29:22 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_init, SYSTEM/admin at XDCXC.BGO.DEV.COM, success, client=SYSTEM/admin at XDCXC.
BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.123.234.138
Nov 20 05:29:39 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_policy, default, Policy does not exist, client=SYSTEM/admin at XDCXC.XKO
.DEC.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.123.234.138
Nov 20 05:29:39 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_create_principal, krb_sample/xdcxc at XDCXC.BGO.DEV.COM, success, client=SYS
TEM/admin at XDCXC.BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.138
.247.151
Nov 20 05:29:40 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_randkey_principal, krb_sample/xdcxc at XDCXC.BGO.DEV.COM, success, client=SY
STEM/admin at XDCXC.BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.13
8.247.151
Nov 20 05:29:40 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_modify_principal, krb_sample/xdcxc at XDCXC.BGO.DEV.COM, success, client=SYS
TEM/admin at XDCXC.BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.138
.247.151
Nov 20 05:29:49 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principals, *, success, client=SYSTEM/admin at XDCXC.BGO.DEV.COM, servic
e=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.123.234.138
Nov 20 05:30:10 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_randkey_principal, krb_sample/xdcxc at XDCXC.BGO.DEV.COM, success, client=SY
STEM/admin at XDCXC.BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.13
8.247.151
Nov 20 05:30:10 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principal, krb_sample/xdcxc at XDCXC.BGO.DEV.COM, success, client=SYSTEM
/admin at XDCXC.BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.138.24
7.151
Nov 20 05:30:53 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_randkey_principal, krb_sample/xdcxc at XDCXC.BGO.DEV.COM, success, client=SY
STEM/admin at XDCXC.BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.13
8.247.151
Nov 20 05:30:53 xdcxc.bgo.dev.com krb$kadmind.exe;1[538969232](Notice): Request:
kadm5_get_principal, krb_sample/xdcxc at XDCXC.BGO.DEV.COM, success, client=SYSTEM
/admin at XDCXC.BGO.DEV.COM, service=kadmin/admin at XDCXC.BGO.DEV.COM, addr=16.138.24
7.151
XDCXC$DKA0:[SYS0.KERBEROS.LOG]KRB$KRB5KDC.LOG;1
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): setting up network...
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): listening on fd 6: 16.123.234.138 port 750
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): listening on fd 7: 16.123.234.138 port 88
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): set up 2 sockets
Nov 20 05:28:00 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): commencing operation
Nov 20 05:28:07 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277287, etypes {rep=16 tkt=16 ses=16}, SYSTEM/admin at XDCXC.BGO.DEV.COM
for kadmin/admin at XDCXC.BGO.DEV.COM
Nov 20 05:29:17 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277357, etypes {rep=16 tkt=16 ses=16}, SYSTEM/admin at XDCXC.BGO.DEV.COM
for kadmin/admin at XDCXC.BGO.DEV.COM
Nov 20 05:32:45 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277565, etypes {rep=16 tkt=16 ses=16}, krb_sample/xdcxc at XDCXC.XKO.DEC
.COM for krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
Nov 20 05:33:04 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277584, etypes {rep=16 tkt=16 ses=16}, krb_sample/xdcxc at XDCXC.XKO.DEC
.COM for krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
Nov 20 05:34:23 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069277663, etypes {rep=16 tkt=16 ses=16}, krb_sample/xdcxc at XDCXC.XKO.DEC
.COM for krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
Nov 20 05:34:55 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_
SERVER: authtime 1069277663, krb_sample/xdcxc at XDCXC.BGO.DEV.COM for krb_sample/
idcm.bgo.dev.com at XDCXC.BGO.DEV.COM, Server not found in Kerberos database
Nov 20 05:35:24 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_
SERVER: authtime 1069277663, krb_sample/xdcxc at XDCXC.BGO.DEV.COM for krb_sample/
idcm.bgo.dev.com at XDCXC.BGO.DEV.COM, Server not found in Kerberos database
Nov 20 06:20:16 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069280416, etypes {rep=16 tkt=16 ses=16}, krb_sample/xdcxc at XDCXC.XKO.DEC
.COM for krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
Nov 20 06:25:38 xdcxc.bgo.dev.com xdcxc$dka0:[sys0.syscommon.][sysexe]krb$krb5kd
c.exe;1[538969225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_
SERVER: authtime 1069280416, krb_sample/xdcxc at XDCXC.BGO.DEV.COM for krb_sample/
idcm.bgo.dev.com at XDCXC.BGO.DEV.COM, Server not found in Kerberos database
I tried creating principals and generating keytabs on different occasions, like
a] krb_sample/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
b] krb_sample/xdcxc.bgo.dev.com at XDCXC.BGO.DEV.COM
Execution shows that the server received the connection request and the socket routines are working fine.
I followed the steps mentioned in setup.com.
Can you please help me to troubleshoot and commission the application successfully?
Thanks and Regards,
randy
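The KDC log in the post above records which service principal each failed TGS_REQ asked for. As an added example (not part of the original post or of any Kerberos distribution), this Python script re-joins the hard-wrapped log records, extracts the UNKNOWN_SERVER requests and lists database principals with the same service name and realm; the sample log and principal list are constructed from values shown in the post, with the process name shortened.

```python
import re

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog-style record start
UNKNOWN = re.compile(r"TGS_REQ .*?UNKNOWN_SERVER: authtime \d+, "
                     r"(?P<client>[^@\s]+@\S+) for (?P<service>[^@\s]+@[^,\s]+),")

def unwrap(text):
    """Re-join records the terminal hard-wrapped; undo the archive's '@' -> ' at '."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # no separator: the wrap fell inside a token
    return [r.replace(" at ", "@") for r in records]

def unknown_servers(text):
    """Unique (client, requested service) pairs the KDC rejected, in log order."""
    pairs = []
    for rec in unwrap(text):
        m = UNKNOWN.search(rec)
        if m and (m["client"], m["service"]) not in pairs:
            pairs.append((m["client"], m["service"]))
    return pairs

def diagnose(text, principals):
    """Per rejected service: database principals with the same service name and realm."""
    db = [p.replace(" at ", "@") for p in principals]
    report = {}
    for _client, wanted in unknown_servers(text):
        name, realm = wanted.rsplit("@", 1)
        prefix = name.split("/", 1)[0] + "/"
        report[wanted] = [p for p in db if p.startswith(prefix) and p.endswith("@" + realm)]
    return report

# Constructed sample, modelled on the wrapped KDC log and listprincs output in the post.
SAMPLE_LOG = """\
Nov 20 06:20:16 xdcxc.bgo.dev.com krb5kdc[225](info): AS_REQ (2 etypes {16 1}) 16.123.234.138(88): ISSUE: au
thtime 1069280416, krb_sample/xdcxc at XDCXC.BGO.DEV.COM for krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM
Nov 20 06:25:38 xdcxc.bgo.dev.com krb5kdc[225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_
SERVER: authtime 1069280416, krb_sample/xdcxc at XDCXC.BGO.DEV.COM for krb_sample/
idcm.bgo.dev.com at XDCXC.BGO.DEV.COM, Server not found in Kerberos database
Nov 20 06:26:02 xdcxc.bgo.dev.com krb5kdc[225](info): TGS_REQ (2 etypes {16 1}) 16.123.234.138(88): UNKNOWN_SERVER: auth
time 1069280416, krb_sample/xdcxc at XDCXC.BGO.DEV.COM for krb_sample/idcm.bgo.dev.com at XDCXC.BGO.DEV.COM, Server not found
"""
SAMPLE_PRINCS = ["kadmin/admin at XDCXC.BGO.DEV.COM", "krb_sample/xdcxc at XDCXC.BGO.DEV.COM",
                 "krbtgt/XDCXC.BGO.DEV.COM at XDCXC.BGO.DEV.COM"]

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_PRINCS))
```

On the sample, the requested principal is krb_sample/idcm.bgo.dev.com while the only krb_sample entry in the principal list is krb_sample/xdcxc, so the report pairs the two for comparison.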
From: loop at netsoc.tcd.ie (Mark Phalan)
Date: 21 Nov 2003 05:52:18 -0800
Subject: Client and server on same machine
Hi,
I'm developing a GSSAPI application and wanted to install kerberos to
test/compile it. Unfortunately for the moment I only have a single
machine. I built MIT kerberos (5-1.3.1) from source and installed it
into /opt/kerberos. I want to run both the client and server from this
machine.
Ran:
-> kdb5_util create -r LOCALHOST -s
Added principals to the acl and then added principals to the kerberos
database.
Created the keytab file using "kadmind.local".
Started "kadmind" daemon.
Started "krb5kdc". --> Segmentation fault
-> cat /var/log/krb5kdc.log
Nov 21 14:44:26 localhost.localdomain krb5kdc[4498](info): setting up
network...
I'm running a modified Fedora Core 1 with kernel 2.6.0-test9.
Might the problems be caused by trying to run the server on 127.0.0.1?
Are there any ways around this on a standalone machine?
Can anyone help?
Thanks,
Mark.
Configuration files:
/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = LOCALHOST
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
LOCALHOST = {
kdc = localhost:88
admin_server = localhost:749
default_domain = localhost
}
[domain_realm]
localhost = LOCALHOST
.localdomain = LOCALHOST
[kdc]
profile = /opt/kerberos/var/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
-----------------------------------
/opt/kerberos/var/kdc.conf
[kdcdefaults]
kdc_ports = 88,750
[realms]
LOCALHOST = {
database_name = /opt/kerberos/var/krb5kdc/principal
admin_keytab = /opt/kerberos/var/krb5kdc/kadm5.keytab
acl_file = /opt/kerberos/var/krb5kdc/kadm5.acl
dict_file = /opt/kerberos/var/krb5kdc/kadm5.dict
key_stash_file = /opt/kerberos/var/krb5kdc/.k5.ATHENA.MIT.EDU
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
}