Generic unknown RC/IO error while verifying initial ticket
Mark Hannessen
mark at nperfection.com
Tue Nov 30 12:05:44 EST 2004
I am pretty new to Kerberos, and ran into some problems trying to configure
it. I'll try to describe my current situation as well as I can:

I started with the following on the server:

kdb5_util create -s
kadmin.local -q "ktadd -k /kerberos/etc/krb5kdc/NL/LINUXNET/kadm5.keytab kadmin/admin kadmin/changepw"
kadmin.local -q "addprinc mark/admin@LINUXNET.NL"
kadmin.local -q "addprinc niels@LINUXNET.NL"
kadmin.local -q "addprinc -randkey host/xp2600c.linuxnet.nl"

After this I am able to obtain a ticket using kinit and using login.krb5.
After that I try to create a keytab on the client:

"ktadd -k /etc/krb5.keytab host/xp2600c.linuxnet.nl"

After this kinit is still able to get tickets,
but login.krb5 outputs the following error:

Generic unknown RC/IO error while verifying initial ticket

Nov 27 20:37:23 xp2600c krb5kdc[8777](info): AS_REQ (2 etypes {16 1})
10.4.8.27: ISSUE: authtime 1101587843, etypes {rep=16 tkt=16 ses=16},
niels@LINUXNET.NL for krbtgt/LINUXNET.NL@LINUXNET.NL
Nov 27 20:37:23 xp2600c krb5kdc[8777](info): TGS_REQ (2 etypes {16 1})
10.4.8.27: ISSUE: authtime 1101587843, etypes {rep=16 tkt=16 ses=16},
niels@LINUXNET.NL for host/xp2600c.linuxnet.nl@LINUXNET.NL

My config files look like this:

[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[libdefaults]
ticket_lifetime = 24000
default_realm = LINUXNET.NL
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
forwardable = true
proxiable = true
[realms]
LINUXNET.NL = {
kdc = xp2600c.linuxnet.nl:88
admin_server = xp2600c.linuxnet.nl:749
default_domain = linuxnet.nl
}
[domain_realm]
.linuxnet.nl = LINUXNET.NL
[kdc]
profile = /etc/krb5kdc/kdc.conf

My kdc.conf looks like this:

[kdcdefaults]
dict_file = /etc/krb5kdc/dict
[realms]
LINUXNET.NL = {
database_name = /etc/krb5kdc/NL/LINUXNET/principal
admin_keytab = /etc/krb5kdc/NL/LINUXNET/kadm5.keytab
acl_file = /etc/krb5kdc/NL/LINUXNET/kadm5.acl
key_stash_file = /etc/krb5kdc/NL/LINUXNET/.k5.LINUXNET.NL
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
}

On the client I only have a krb5.conf file, and it looks like this:

[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
forwardable = true
proxiable = true
[libdefaults]
ticket_lifetime = 24000
default_realm = LINUXNET.NL
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
LINUXNET.NL = {
kdc = xp2600c.linuxnet.nl:88
admin_server = xp2600c.linuxnet.nl:749
default_domain = linuxnet.nl
}
[domain_realm]
.linuxnet.nl = LINUXNET.NL

kadm5.acl currently looks like this (for testing):

*/admin@LINUXNET.NL *
*@LINUXNET.NL *
host/*@LINUXNET.NL *
*/*@LINUXNET.NL *

I ran out of ideas. Does anybody have any ideas where to look next?

Thanks, Mark Hannessen.
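
Added example, not part of the original post: a small linter for the krb5.conf and kdc.conf text quoted above. It flags the `forwardable`/`proxiable` relations that the client file places under [logging] and any single-DES enctype. The function names, the `ALLOWED` table and the abridged sample are assumptions of this example.

```python
import re

# Constructed sample: the client krb5.conf quoted in the post, abridged.
CLIENT_CONF = """\
[logging]
forwardable = true
proxiable = true
[libdefaults]
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
LINUXNET.NL = {
kdc = xp2600c.linuxnet.nl:88
}
"""

# Assumption of this example: sections in which these relations take effect.
ALLOWED = {"forwardable": {"libdefaults", "appdefaults"},
           "proxiable": {"libdefaults", "appdefaults"}}
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}

def parse_profile(text):
    """Yield (section, subsection, key, value) for each relation."""
    section = sub = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, sub = header.group(1), None
        elif line == "}":
            sub = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                sub = key  # opening of a nested block, e.g. a realm
            else:
                yield section, sub, key, value

def lint(text):
    """Return findings for misplaced relations and single-DES enctypes."""
    findings = []
    for section, sub, key, value in parse_profile(text):
        if key in ALLOWED and section not in ALLOWED[key]:
            findings.append(f"[{section}] {key}: no effect in this section")
        if key.endswith("enctypes"):
            for etype in value.split():
                if etype.split(":")[0] in SINGLE_DES:
                    findings.append(f"[{section}] {key}: single-DES {etype}")
    return findings
```

Calling `lint()` on the full text of each quoted file returns one finding string per issue; the key:salt form used by `supported_enctypes` in kdc.conf is handled as well.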