Kerberos setup script and Client not authenticating for localservices

Nick Bernstein nbernstein at frontbridge.com
Mon Apr 4 14:54:45 EDT 2005


On April 4th, Nick Bernstein wrote: 

> I'm trying to set up a very simple Kerberos authentication
> system for my domain, where there is one Primary KDC and one
> failover KDC, and a lot of other hosts ("clients") which use
> those KDCs to authenticate requests for different services on
> the client hosts. To do this, I've been following the O'Reilly
> Kerberos book and have been trying to be very disciplined in
> documenting everything that I do in order to make sure that 
> there are not any forgotten things that may have been done 
> that could complicate things. Currently, I have it 
> *partially* working. On the KDC, "kerberos.frontbridge.com",
> I can connect to any of the kerberized services from my test 
> client "kc.frontbridge.com". Once I kinit on the client 
> machine, I can "telnet -a kerberos.frontbridge.com" and it 
> works like a charm. However, if on kc.frontbridge.com, I 
> "telnet -a kc.frontbridge.com" 
>  
> I was hoping that someone might be able to point me in the 
> right direction. I've scripted the entire kdc install: 
> http://nicholasbernstein.com/setupkrb5.20050404-1.tgz 
> because I thought that would be more effective than trying
> to write out each step that I am doing. 
>  
> On the client machine, I've added the hosts to the /etc/hosts
> file, added a cronjob to sync the clock to pool.ntp.org using
> "/usr/sbin/ntpdate pool.ntp.org", and used Red Hat's authconfig
> script to set up Kerberos authentication.
>  
> The operating system for both client and server is Red Hat
> ES3, and the Kerberos version is 1.2.7-19

Scratch that; I tried re-adding "host/kc.frontbridge.com" to the keytab, and
it worked, which is confusing me, since I know I added it in the script.
Anyway, if anyone wants to make any suggestions for improving the scripts I
linked to, please feel free to let me know. Once I've got this all working,
I'll make a final version available on my website, which may save some other
people trying to do this some time down the road. 


