RHEL 3.0 and Kerberos 1.3.4

Marcus O. White whitem at oem.doe.gov
Tue Oct 19 22:44:10 EDT 2004


G'day All,

I've been attempting to get kerberos installed and configured on a RHEL 3.0
server. Originally RHEL came with kerberos 1.2.7. I located and
installed from rpm the 1.3.4 version of kerberos. I had it working at
one point then decided to recreate the principal databases and keytab
files. Since recreating the databases kerberos has not worked. I
continually receive: "kinit(v5): Password incorrect while getting
initial". I've checked and rechecked the password numerous times.

I used the following script to create the kerberos database:

------------------------- cut here -----------------------
#!/bin/sh
# Script to initialize Kerberos Database
#
KRBDOMAIN=<Kerberos Domain>
KRBFQDN=<domain name>
KRBDIR=/var/kerberos/krb5kdc

echo "Initialize Kerberos Database..."

/usr/kerberos/sbin/kdb5_util create -r $KRBDOMAIN -s

echo "Creating initial admin roles..."

for x in admin changepw
do
        /usr/kerberos/sbin/kadmin.local -q "ktadd -k $KRBDIR/kadm5.keytab kadmin/$x"
done

echo "Done."

/sbin/service krb5kdc start
/sbin/service kadmin start

echo "Adding Principals..."

for x in krbadm Manager Replicator
do
        echo "Adding $x"
        if [ "$x" = "krbadm" ]; then
                /usr/kerberos/sbin/kadmin.local -q "ank $x/admin@$KRBDOMAIN"
                /usr/kerberos/sbin/kadmin.local -q "ktadd $x/admin@$KRBDOMAIN"
        else
                /usr/kerberos/sbin/kadmin.local -q "ank $x@$KRBDOMAIN"
                /usr/kerberos/sbin/kadmin.local -q "ktadd $x@$KRBDOMAIN"
        fi
done

echo "Adding Network Hosts..."

for x in server1 server2 ...
do
        /usr/kerberos/sbin/kadmin.local -q "ank -randkey host/$x.$KRBFQDN"
        /usr/kerberos/sbin/kadmin.local -q "ank -randkey ldap/$x.$KRBFQDN"
        /usr/kerberos/sbin/kadmin.local -q "ktadd host/$x.$KRBFQDN"
        /usr/kerberos/sbin/kadmin.local -q "ktadd ldap/$x.$KRBFQDN"
done

echo "Done."

/bin/chmod 644 /etc/krb5.keytab



--------------------------end cut -------------------------

Is this the proper way to create the kerberos database? If not, what is the
proper way? What else should I be looking at?

Marcus O.
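
An added example, not part of the original post: a static check for a KDC provisioning script like the one above. It relies on the documented kadmin behaviour that ktadd replaces a principal's keys with new random ones unless -norandkey is given, so a principal created with a password stops accepting that password once it is extracted to a keytab. It matches principal arguments textually, also flags a keytab chmod'ed beyond owner-only access, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): static check of a KDC
# provisioning script. Reads the script on stdin, prints one finding per line.
audit_kadmin_script() {
    awk '
    # Pull the command string out of: kadmin.local -q "<command>"
    match($0, /-q "[^"]*"/) {
        n = split(substr($0, RSTART + 4, RLENGTH - 5), w, " ")
        if (w[1] == "ank" || w[1] == "addprinc" || w[1] == "add_principal") {
            randkey = 0
            for (i = 2; i < n; i++) if (w[i] == "-randkey") randkey = 1
            # Last word is the principal; without -randkey it has a password.
            if (!randkey) haspw[w[n]] = 1
        } else if (w[1] == "ktadd" || w[1] == "xst") {
            keep = 0
            for (i = 2; i <= n; i++) if (w[i] == "-norandkey") keep = 1
            for (i = 2; i <= n; i++) {
                if (w[i] == "-k" || w[i] == "-e") { i++; continue }  # option value
                if (w[i] ~ /^-/) continue
                if (haspw[w[i]] && !keep)
                    printf "REKEY line %d: %s\n", NR, w[i]
            }
        }
    }
    # A keytab holds long-term keys: flag any mode that is not owner-only.
    /chmod/ && /keytab/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-7]+$/ && $i !~ /00$/)
                printf "PERM line %d: mode %s\n", NR, $i
    }'
}

# Constructed sample: the distinct command shapes from the posted script.
sample_script() {
    cat <<'EOF'
kadmin.local -q "ktadd -k $KRBDIR/kadm5.keytab kadmin/$x"
kadmin.local -q "ank $x/admin@$KRBDOMAIN"
kadmin.local -q "ktadd $x/admin@$KRBDOMAIN"
kadmin.local -q "ank -randkey host/$x.$KRBFQDN"
kadmin.local -q "ktadd host/$x.$KRBFQDN"
chmod 644 /etc/krb5.keytab
EOF
}

sample_script | audit_kadmin_script
```

A REKEY finding marks a password principal whose key is overwritten by a later ktadd; a PERM finding marks a keytab readable by users other than its owner.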


