Missing parms in kdc.conf

Mark Sellers contact at reef-rats.com
Thu Nov 25 12:02:16 EST 2004


Yes, "kadmiin" was a typo.

So I executed kdb5_util destroy, and then executed the create.  Here
are the results (basically the same):

# kdb5_util create -s -r FOO
Loading random data
Initializing database '/var/lib/krb5kdc/principal' for realm 'FOO',
master key name 'K/M at FOO'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_util: Required parameters in kdc.conf missing while initializing
the Kerberos admin interface

# kadmin.local
Authenticating as principal root/admin at FOO with password.
kadmin.local: Required parameters in kdc.conf missing while
initializing kadmin.local interface

As far as config files are concerned, all look normal (at least for
Debian) ... it seems to be finding everything in its proper location.
I can add erroneous junk to the krb5.conf and kdc.conf files, and
kadmin will complain (thus, I know it's finding the files).

Obviously, there's no data in the keytab file yet ... can't get that
far.

/var/lib/krb5kdc
-rw-------  1 root root 8.0K Nov 25 10:45 principal
-rw-------  1 root root 8.0K Nov 25 10:45 principal.kadm5
-rw-------  1 root root    0 Nov 25 10:45 principal.kadm5.lock
-rw-------  1 root root    0 Nov 25 10:45 principal.ok

/etc/krb5kdc
-rw-------  1 root root   0 Nov 22 21:26 dict
-rw-------  1 root root  18 Nov 21 17:43 kadm5.acl
-rw-------  1 root root 785 Nov 25 10:42 kdc.conf
-rw-------  1 root root  30 Nov 25 10:45 stash

/etc
-rw-r--r--  1 root root 1.3K Nov 25 10:44 krb5.conf
-rw-------  1 root root    0 Nov 23 00:44 krb5.keytab

For reference, here are the config file contents (again):

--------------------------------------------------------------------
krb5.conf
--------------------------------------------------------------------

[libdefaults]
default_realm = FOO
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_timesync = 1
ccache_type = 4
default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des3-cbc-sha1 des-hmac-sha1 des-cbc-md5
default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des3-cbc-sha1 des-hmac-sha1 des-cbc-md5
permitted_enctypes   = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des3-cbc-sha1 des-hmac-sha1 des-cbc-md5

[realms]
FOO = {
   kdc = kerberos.FOO
   admin_server = kerberos.FOO
   default_domain = FOO
}

[domain_realm]
.FOO = FOO

[logging]
kdc = SYSLOG:INFO:AUTH
admin_server = SYSLOG:ERR:DAEMON
default = SYSLOG:ERR:DAEMON

--------------------------------------------------------------------
kdc.conf
--------------------------------------------------------------------

[kdcdefaults]

[realms]
FOO = {
   database_name = /var/lib/krb5kdc/principal
   admin_keytab = /etc/krb5kdc/kadm5.keytab
   acl_file = /etc/krb5kdc/kadm5.acl
   key_stash_file = /etc/krb5kdc/stash
   dict_file = /etc/krb5kdc/dict
   max_life = 10h 0m 0s
   max_renewable_life = 7d 0h 0m 0s
   master_key_type = des3-hmac-sha1
   supported_enctypes = des3:normal des-hmac-sha1:normal des-hmac-sha1:v4 des-cbc-md5:normal des-cbc-md5:v4 arcfour:normal arcfour:v4
   default_principal_flags = +preauth
}



