klist failed at client machine.
sam
samwun at hgcbroadband.com
Fri May 28 21:43:27 EDT 2004
h.dadgari at comcast.net wrote:
> Check the messages on KDC logfile
>
> /usr/local/var/krb5kdc/kdc.log
>
> Hooshang
>
>
>
>>Hi,
>>
>>I have installed a KDC on a FreeBSD server; the redhat acts as a
>>client. When I execute the command klist on redhat, I get the following
>>error:
>>
>>root at redhat [11:17pm] [/etc]# klist
>>klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
>>
>>Kerberos 4 ticket cache: /tmp/tkt0
>>klist: You have no tickets cached
>>root at redhat [11:17pm] [/etc]#
>>
>>and kinit failed:
>>root at redhat [11:25pm] [/etc]# kinit
>>kinit(v5): Client not found in Kerberos database while getting initial
>>credentials
>>
>>
>>Do I need to start the kerberos service on redhat too? It doesn't make sense
>>to start the kerberos service on redhat, because the redhat is a client.
>>
>>Thanks
>>sam

I looked at the krb5kdc.log file; it has a lot of error messages about
sam/admin at ROCK.COM not found in database:

2004-05-28T22:08:34 UNKNOWN -- sam/admin at ROCK.COM: No such entry in the
database
2004-05-28T22:08:34 sending 122 bytes to IPv4:192.168.1.1
2004-05-28T22:36:32 AS-REQ root at ROCK.COM from IPv4:192.168.1.91 for
krbtgt/ROCK.COM at ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root at ROCK.COM: No such entry in the
database
2004-05-28T22:36:32 sending 119 bytes to IPv4:192.168.1.91
2004-05-28T22:36:32 AS-REQ root at ROCK.COM from IPv4:192.168.1.91 for
krbtgt/ROCK.COM at ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root at ROCK.COM: No such entry in the
database
2004-05-28T22:36:32 sending 119 bytes to IPv4:192.168.1.91
2004-05-28T22:44:53 AS-REQ root at ROCK.COM from IPv4:192.168.1.254 for
krbtgt/ROCK.COM at ROCK.COM
...

The log file also showed that the kerberos server is started and listening:

2004-05-29T09:18:01 listening on IPv6:::1 port 88/udp
2004-05-29T09:18:01 listening on IPv6:::1 port 88/tcp
2004-05-29T09:18:01 listening on IPv4:192.168.1.1 port 88/udp
2004-05-29T09:18:01 listening on IPv4:192.168.4.1 port 88/udp
2004-05-29T09:18:01 listening on IPv4:127.0.0.1 port 88/udp
2004-05-29T09:18:01 listening on IPv4:192.168.1.1 port 88/tcp
2004-05-29T09:18:01 listening on IPv4:192.168.4.1 port 88/tcp
2004-05-29T09:18:01 listening on IPv4:127.0.0.1 port 88/tcp

But the execution of the klist command failed on the server:

root at fbsd [9:25am] [~]# klist
klist: No ticket file: /tmp/krb5cc_0
root at fbsd [9:37am] [~]#

There is more than one problem now: the first one is the
sam/admin at ROCK.COM or root at ROCK.COM, and the second one is that I
don't know why klist can't find the ticket.

For the first problem, do I need to make sure sam/root/admin at ROCK.COM
exists in the network environment, meaning that it must be a valid
email account in the network environment?

For the second problem (klist), since I just booted up the machine, I
guess the kerberos server (fbsd in this case) always cleans up the ticket
whenever it boots up? I confirmed that I have added an instruction in
the rc.conf file (clear_tmp_enable="YES") which will automatically clean
up the /tmp directory whenever the system starts up. But saving the ticket
file to the /tmp directory is not a good idea to me. How can I change
the path of the ticket file?

Thanks
sam
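
An added example, not part of the original message: a small Python parser for the KDC log format quoted above that rejoins mail-wrapped records and counts which requested principals the KDC reported as "No such entry in the database", and from which address. The sample log is constructed from the format shown in the post, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post, wrapped as mailed.
# Principals appear both with "@" and with the archive's " at " substitution.
SAMPLE_LOG = """\
2004-05-28T22:08:34 UNKNOWN -- sam/admin@ROCK.COM: No such entry in the
database
2004-05-28T22:08:34 sending 122 bytes to IPv4:192.168.1.1
2004-05-28T22:36:32 AS-REQ root@ROCK.COM from IPv4:192.168.1.91 for
krbtgt/ROCK.COM@ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root@ROCK.COM: No such entry in the
database
2004-05-28T22:36:32 sending 119 bytes to IPv4:192.168.1.91
2004-05-28T22:36:32 AS-REQ root at ROCK.COM from IPv4:192.168.1.91 for
krbtgt/ROCK.COM at ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root at ROCK.COM: No such entry in the
database
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2} ")
AS_REQ = re.compile(r"AS-REQ (\S+(?: at |@)\S+) from (\S+) for ")
UNKNOWN = re.compile(r"UNKNOWN -- (\S+(?: at |@)\S+): No such entry")

def unwrap(text):
    """Rejoin records a mailer wrapped: each record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if TS.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def missing_principals(text):
    """Count (principal, source) pairs the KDC rejected as not in its database."""
    counts, last_source = Counter(), {}
    for rec in unwrap(text):
        if m := AS_REQ.search(rec):
            # Remember where the most recent request for this principal came from.
            last_source[m.group(1).replace(" at ", "@")] = m.group(2)
        elif m := UNKNOWN.search(rec):
            princ = m.group(1).replace(" at ", "@")
            counts[(princ, last_source.get(princ, "unknown"))] += 1
    return counts

if __name__ == "__main__":
    for (princ, src), n in missing_principals(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {princ:<20} {src}")
```

An UNKNOWN record with no earlier AS-REQ for the same principal in the input is reported with source "unknown".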