Kerberos setup script and Client not authenticating for local services

Nick Bernstein nbernstein at frontbridge.com
Mon Apr 4 14:14:11 EDT 2005


I'm trying to set up a very simple Kerberos authentication system for my
domain, where there is one Primary KDC and one failover KDC, and a lot of
other hosts ("clients") which use those KDCs to authenticate requests for
different services on the client hosts. To do this, I've been following the
O'Reilly Kerberos book and have been trying to be very disciplined in
documenting everything that I do in order to make sure that there are not
any forgotten things that may have been done that could complicate things.
Currently, I have it *partially* working. On the kdc,
"kerberos.frontbridge.com", I can connect to any of the kerberized services
from my test client "kc.frontbridge.com". Once I kinit on the client
machine, I can "telnet -a kerberos.frontbridge.com" and it works like a
charm. However, if on kc.frontbridge.com, I "telnet -a kc.frontbridge.com" 
 
I was hoping that someone might be able to point me in the right direction.
I've scripted the entire kdc install: 
http://nicholasbernstein.com/setupkrb5.20050404-1.tgz 
because I thought that would be more effective than trying to write out
each step that I am doing.
 
On the client machine, I've added the hosts to the /etc/hosts file, added a
cronjob to sync the clock to pool.ntp.org using "/usr/sbin/ntpdate
pool.ntp.org", and Red Hat's authconfig script to set up Kerberos
authentication.
 
The operating system for both client and server is Red Hat ES3, and the
Kerberos version is 1.2.7-19.
 
 
 






More information about the Kerberos mailing list