Missing parms in kdc.conf

bob kaladen at cox.net
Thu Nov 25 05:50:23 EST 2004

Mark Sellers wrote:
> I believe the basics are correct.
> I used krb5_newrealm to setup the database.

krb5_newrealm I believe is a Debian script.  I have not used it, I 
prefer to do things by hand so I can not comment on the exacts but it 
should invoke the command kdb5_util create -s which builds the database.
> kdb5_util dump reports the following principles:
> K/M at FOO
> kadmiin/history at FOO
> krbtgt/FOO at FOO

You also should have a kadmin/admin at FOO and kadmin/changepw at FOO 
principal.  I assume the kadmiin is just a mis copy.  The missing 
principals could be the problem.  Since you have not added anything else 
it is safe to destroy this database.

First make sure the krb5kdc and admind daemons are stopped.

Invoke kdb5_util destroy -r FOO.  This will delete the database.

Then invoke kdb5_util create -s -r FOO.  The -r is not really necessary, 
it gets the realm from the conf files, but using it makes sure it gets 
the realm just the way you want it, may sure all the conf files agree.

Try kadmin.local and see if you can login, still with no daemons 
running.  If you can create an admin principal (it does not have to be 
root/admin - any user can be a krb5 admin).  Let me know it this works.
> This looks correct.
> My krb5.acl contains a single entry: root/admin at FOO
> The place where I first noticed the error when I tried to add the
> admin keytab.  Here's the output:
> Authenticating as principal root/admin at FOO with password.
> kadmin.local: Required parameters in kdc.conf missing while
> initializing kadmin.local interface
> From what I can tell, all of this looks correct .. except for the
> damned "missing parameter" problem ;-(  Do you see anything wrong
> thus far?
> On Tue, 23 Nov 2004 21:29:11 -0500, bob <bob at cox.net> wrote:
>>Okay, maybe we should backtrack, let me ask some questions about your 
>>entire kerberos setup.  Have you created the realm principal with 
>>kdb5_util, and have you added an admin principal?  Also have you created 
>>the kadm5.acl file and added a keytab for the kadmin principals?

More information about the Kerberos mailing list