RHEL 3.0 and Kerberos 1.3.4

Marcus White whitem at oem.doe.gov
Wed Oct 20 13:33:46 EDT 2004


On Tue, 2004-10-19 at 22:44, Marcus O. White wrote:
> G'day All,
> 
> I've been attempting to get kerberos installed and configured on a RHEL 3.0
> server. Originally RHEL came with kerberos 1.2.7. I located and
> installed from rpm the 1.3.4 version of kerberos. I had it working at
> one point then decided to recreate the principal databases and keytab
> files. Since recreating the databases kerberos has not worked. I
> continually receive: "kinit(v5): Password incorrect while getting
> initial". I've checked and rechecked the password numerous times.
> 
> I used the following script to create the kerberos database:
> 
> ------------------------- cut here -----------------------
> #!/bin/sh
> # Script to initialize Kerberos Database
> #
> KRBDOMAIN=<Kerberos Domain>
> KRBFQDN=<domain name>
> KRBDIR=/var/kerberos/krb5kdc
> 
> echo "Initialize Kerberos Database..."
> 
> /usr/kerberos/sbin/kdb5_util create -r $KRBDOMAIN -s
> 
> echo "Creating initial admin roles..."
> 
> for x in admin changepw
> do
>         /usr/kerberos/sbin/kadmin.local -q "ktadd -k $KRBDIR/kadm5.keytab kadmin/$x"
> done
> 
> echo "Done."
> 
> /sbin/service krb5kdc start
> /sbin/service kadmin start
> 
> echo "Adding Principals..."
> 
> for x in krbadm Manager Replicator
> do
>         echo "Adding $x"
>         if [ "$x" = "krbadm" ]; then
>                 /usr/kerberos/sbin/kadmin.local -q "ank $x/admin@$KRBDOMAIN"
>                 /usr/kerberos/sbin/kadmin.local -q "ktadd $x/admin@$KRBDOMAIN"
>         else
>                 /usr/kerberos/sbin/kadmin.local -q "ank $x@$KRBDOMAIN"
>                 /usr/kerberos/sbin/kadmin.local -q "ktadd $x@$KRBDOMAIN"
>         fi
> done
> 
> echo "Adding Network Hosts..."
> 
> for x in server1 server2 ...
> do
>         /usr/kerberos/sbin/kadmin.local -q "ank -randkey host/$x.$KRBFQDN"
>         /usr/kerberos/sbin/kadmin.local -q "ank -randkey ldap/$x.$KRBFQDN"
>         /usr/kerberos/sbin/kadmin.local -q "ktadd host/$x.$KRBFQDN"
>         /usr/kerberos/sbin/kadmin.local -q "ktadd ldap/$x.$KRBFQDN"
> done
> 
> echo "Done."
> 
> /bin/chmod 644 /etc/krb5.keytab
> 
> 
> 
> --------------------------end cut -------------------------
> 
> Is this the proper way to create the kerberos database? If not, what is the
> proper way? What else should I be looking at?
> 
> Marcus O.
> 

Discovered the flaw in my logic... Removed the exporting (ktadd) of
principals with assigned passwords from the script. All is well...

Marcus O.
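
Added example, not part of the original thread or of the poster's script: a small check for the failure described above, where ktadd re-keys a principal that was created with a password, so the password no longer matches. It assumes the kadmin queries have been extracted one per line; EXAMPLE.COM, example.com and the function names are placeholders chosen here.

```shell
#!/bin/sh
# Flag kadmin queries that export (ktadd/xst) a principal created with a
# password. ktadd generates new random keys for the principal, so the
# password chosen at "ank" time stops working, as in the thread above.

# Constructed sample: the queries the posted script issues, one per line,
# with EXAMPLE.COM / example.com standing in for the elided realm and domain.
sample_queries() {
cat <<'EOF'
ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
ank krbadm/admin@EXAMPLE.COM
ktadd krbadm/admin@EXAMPLE.COM
ank Manager@EXAMPLE.COM
ktadd Manager@EXAMPLE.COM
ank -randkey host/server1.example.com
ktadd host/server1.example.com
EOF
}

# Reads kadmin queries on stdin, prints each password principal that a later
# ktadd/xst would re-key. Realms are stripped, so one realm is assumed.
find_password_ktadd() {
awk '
function bare(p) { sub(/@.*/, "", p); return p }
$1 == "ank" || $1 == "addprinc" || $1 == "add_principal" {
    randkey = 0
    for (i = 2; i < NF; i++) if ($i == "-randkey") randkey = 1
    if (randkey) delete pw[bare($NF)]; else pw[bare($NF)] = 1
    next
}
$1 == "ktadd" || $1 == "xst" {
    keep = 0
    for (i = 2; i <= NF; i++) {
        if ($i == "-k" || $i == "-e") { i++; continue }   # option + argument
        if ($i == "-norandkey") { keep = 1; continue }    # where kadmin.local supports it
        if ($i ~ /^-/) continue
        if (!keep && (bare($i) in pw)) print bare($i)
    }
}'
}

sample_queries | find_password_ktadd
```

Principals the input never creates, such as kadmin/admin here, are not flagged because nothing in the input shows them holding a password-derived key.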


