Missing parms in kdc.conf
kaladen at cox.net
Thu Nov 25 05:50:23 EST 2004
Mark Sellers wrote:
> I believe the basics are correct.
> I used krb5_newrealm to setup the database.
krb5_newrealm I believe is a Debian script. I have not used it, I
prefer to do things by hand so I can not comment on the exacts but it
should invoke the command kdb5_util create -s which builds the database.
> kdb5_util dump reports the following principles:
> K/M at FOO
> kadmiin/history at FOO
> krbtgt/FOO at FOO
You also should have a kadmin/admin at FOO and kadmin/changepw at FOO
principal. I assume the kadmiin is just a mis copy. The missing
principals could be the problem. Since you have not added anything else
it is safe to destroy this database.
First make sure the krb5kdc and admind daemons are stopped.
Invoke kdb5_util destroy -r FOO. This will delete the database.
Then invoke kdb5_util create -s -r FOO. The -r is not really necessary,
it gets the realm from the conf files, but using it makes sure it gets
the realm just the way you want it, may sure all the conf files agree.
Try kadmin.local and see if you can login, still with no daemons
running. If you can create an admin principal (it does not have to be
root/admin - any user can be a krb5 admin). Let me know it this works.
> This looks correct.
> My krb5.acl contains a single entry: root/admin at FOO
> The place where I first noticed the error when I tried to add the
> admin keytab. Here's the output:
> Authenticating as principal root/admin at FOO with password.
> kadmin.local: Required parameters in kdc.conf missing while
> initializing kadmin.local interface
> From what I can tell, all of this looks correct .. except for the
> damned "missing parameter" problem ;-( Do you see anything wrong
> thus far?
> On Tue, 23 Nov 2004 21:29:11 -0500, bob <bob at cox.net> wrote:
>>Okay, maybe we should backtrack, let me ask some questions about your
>>entire kerberos setup. Have you created the realm principal with
>>kdb5_util, and have you added an admin principal? Also have you created
>>the kadm5.acl file and added a keytab for the kadmin principals?
More information about the Kerberos