RHEL 3.0 and Kerberos 1.3.4
Marcus White
whitem at oem.doe.gov
Wed Oct 20 13:33:46 EDT 2004
On Tue, 2004-10-19 at 22:44, Marcus O. White wrote:
> G'day All,
>
> I've been attempting to get kerberos installed and configured on a RHEL 3.0
> server. Originally RHEL came with kerberos 1.2.7. I located and
> installed from rpm the 1.3.4 version of kerberos. I had it working at
> one point then decided to recreate the principal databases and keytab
> files. Since recreating the databases kerberos has not worked. I
> continually receive: "kinit(v5): Password incorrect while getting
> initial". I've checked and rechecked the password numerous times.
>
> I used the following script to create the kerberos database:
>
> ------------------------- cut here -----------------------
> #!/bin/sh
> # Script to initialize Kerberos Database
> #
> KRBDOMAIN=<Kerberos Domain>
> KRBFQDN=<domain name>
> KRBDIR=/var/kerberos/krb5kdc
>
> echo "Initialize Kerberos Database..."
>
> /usr/kerberos/sbin/kdb5_util create -r $KRBDOMAIN -s
>
> echo "Creating initial admin roles..."
>
> for x in admin changepw
> do
> /usr/kerberos/sbin/kadmin.local -q "ktadd -k $KRBDIR/kadm5.keytab kadmin/$x"
> done
>
> echo "Done."
>
> /sbin/service krb5kdc start
> /sbin/service kadmin start
>
> echo "Adding Principals..."
>
> for x in krbadm Manager Replicator
> do
> echo "Adding $x"
> if [ "$x" = "krbadm" ]; then
> /usr/kerberos/sbin/kadmin.local -q "ank $x/admin@$KRBDOMAIN"
> /usr/kerberos/sbin/kadmin.local -q "ktadd $x/admin@$KRBDOMAIN"
> else
> /usr/kerberos/sbin/kadmin.local -q "ank $x@$KRBDOMAIN"
> /usr/kerberos/sbin/kadmin.local -q "ktadd $x@$KRBDOMAIN"
> fi
> done
>
> echo "Adding Network Hosts..."
>
> for x in server1 server2 ...
> do
> /usr/kerberos/sbin/kadmin.local -q "ank -randkey host/$x.$KRBFQDN"
> /usr/kerberos/sbin/kadmin.local -q "ank -randkey ldap/$x.$KRBFQDN"
> /usr/kerberos/sbin/kadmin.local -q "ktadd host/$x.$KRBFQDN"
> /usr/kerberos/sbin/kadmin.local -q "ktadd ldap/$x.$KRBFQDN"
> done
>
> echo "Done."
>
> /bin/chmod 644 /etc/krb5.keytab
>
>
>
> --------------------------end cut -------------------------
>
> Is this the proper way to create the kerberos database? If not, what is the
> proper way? What else should I be looking at?
>
> Marcus O.
>
Discovered the flaw in my logic... Removed the exporting (ktadd) of
principals with assigned passwords from the script. All is well...
Marcus O.
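
Why the fix described above works, as an added example that is not part of the original thread: ktadd writes new random keys for each principal it exports, so a principal that ank created with a password can no longer kinit with that password. The sh function below flags that pattern in a kadmin script; the function names and the sample lines (condensed from the quoted script, with wrapped lines rejoined) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list principals that are created with a password (ank/addprinc
# without -randkey) and later exported with ktadd, which replaces their keys.

# Reads a shell script on stdin; prints "principal<TAB>ank-line<TAB>ktadd-line".
# Variables such as $x are compared as literal text, not expanded.
find_rekeyed_principals() {
    awk '
    {
        # Only look at the kadmin query passed as -q "..."
        if (!match($0, /-q[ \t]+"[^"]*"/)) next
        q = substr($0, RSTART, RLENGTH)
        sub(/^-q[ \t]+"[ \t]*/, "", q); sub(/[ \t]*"$/, "", q)
        n = split(q, tok, /[ \t]+/)
        if (tok[1] ~ /^(ank|addprinc|add_principal)$/) {
            randkey = 0
            for (i = 2; i <= n; i++) if (tok[i] == "-randkey") randkey = 1
            # The principal name is the last word of the query
            if (!randkey) haspw[tok[n]] = NR
        } else if (tok[1] ~ /^(ktadd|xst)$/) {
            # kadmin.local in current MIT krb5 accepts -norandkey, which keeps the keys
            for (i = 2; i <= n; i++) if (tok[i] == "-norandkey") next
            for (i = 2; i <= n; i++) {
                if (tok[i] == "-k" || tok[i] == "-e") { i++; continue }
                if (tok[i] ~ /^-/) continue
                if (tok[i] in haspw) printf "%s\t%d\t%d\n", tok[i], haspw[tok[i]], NR
            }
        }
    }'
}

# Constructed sample input, condensed from the script quoted in the post.
sample_script() {
    cat <<'EOF'
kadmin.local -q "ktadd -k $KRBDIR/kadm5.keytab kadmin/$x"
kadmin.local -q "ank $x/admin@$KRBDOMAIN"
kadmin.local -q "ktadd $x/admin@$KRBDOMAIN"
kadmin.local -q "ank $x@$KRBDOMAIN"
kadmin.local -q "ktadd $x@$KRBDOMAIN"
kadmin.local -q "ank -randkey host/$x.$KRBFQDN"
kadmin.local -q "ktadd host/$x.$KRBFQDN"
EOF
}

sample_script | find_rekeyed_principals
```

The two flagged entries correspond to the krbadm/admin, Manager and Replicator principals in the quoted script; the host and ldap principals are created with -randkey, so exporting them does not invalidate a password.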