Network address resolution problem on AIX

Douglas E. Engert deengert at anl.gov
Wed Aug 24 16:46:21 EDT 2005


Is /etc/krb5.conf readable by users?

Claus Lund wrote:

> I have struggled with this for almost two days now and I just can't seem to
> get past this hurdle... Hopefully somebody out there will say: "Duh, you're
> doing XYZ wrong!".
> I keep getting a "kinit(v5): Cannot resolve network address for KDC in
> requested realm while getting initial credentials" error when I run kinit.
> 
> System:
> AIX5.2 ML6
> gcc version 3.3.2
> 
> Building Kerberos:
> root at tax178:/tmp/kerberos/krb5-1.4.2/src
>  # ./configure --without-krb4 --disable-athena --prefix=/usr/local
> 
> I get some warnings during compilation but it seems to finish. When I run
> make test it goes through a bunch of it and then finishes with an error (at
> the bottom of this mail) but I think I read somewhere that there were some
> extra requirements for the final tests and failing them does not necessarily
> mean that there is anything wrong.
> 
> I install it and create /etc/krb5.conf:
> [libdefaults]
>         default_realm = TESTDOMAIN.TAX.STATE.VT.US
> 
> [realms]
>         TESTDOMAIN.TAX.STATE.VT.US = {
>                 kdc = tax106.testdomain.tax.state.vt.us
>         }
> 
> [domain_realms]
>         .testdomain.tax.state.vt.us = TESTDOMAIN.TAX.STATE.VT.US
> 
> The KDC is a Windows 2000 AD server.
> At this point I try to run kinit and get the following error:
>  # kinit clund at TESTDOMAIN.TAX.STATE.VT.US
> kinit(v5): Cannot resolve network address for KDC in requested realm while
> getting initial credentials
> 
> But as far as I can tell everything is alright on the DNS side. Running the
> resolve program seems to agree:
> root at tax178:/tmp/kerberos/krb5-1.4.2/src
>  # ./tests/resolve/resolve tax106
> Hostname:  tax106
> Host address: 10.0.89.130
> FQDN: tax106.testdomain.tax.state.vt.us
> Resolve library appears to have passed the test
> root at tax178:/tmp/kerberos/krb5-1.4.2/src
>  # ./tests/resolve/resolve tax106.testdomain.tax.state.vt.us
> Hostname:  tax106.testdomain.tax.state.vt.us
> Host address: 10.0.89.130
> FQDN: tax106.testdomain.tax.state.vt.us
> Resolve library appears to have passed the test
> 
> Thanks in advance,
> Claus
> 
> Part of the "make test" output:
> Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU,/COM,), expecting error
> ...
> Expected error found.
> 
> Running test (ATHENA.MIT.EDU) (/COM/HP/APOLLO) (,EDU, /COM,) ...
> Got: /COM /COM/HP EDU MIT.EDU
> Exp: /COM /COM/HP EDU MIT.EDU
> 
> Running test (ATHENA.MIT.EDU) (CS.CMU.EDU) (,EDU,) ...
> Got: CMU.EDU EDU MIT.EDU
> Exp: CMU.EDU EDU MIT.EDU
> 
> Running test (XYZZY.ATHENA.MIT.EDU) (XYZZY.CS.CMU.EDU) (,EDU,) ...
> Got: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU
> Exp: ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU EDU MIT.EDU
> 
> Success.
> Target "check" is up to date.
> making check in lib/krb5/os...
>         gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\
> " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5_PRI
> VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -DHAV
> E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_DN_S
> KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_ATTR
> _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 -DHA
> VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INIT_IN
> _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHA
> VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_
> INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE_RE_
> COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtype=vo
> id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME_ARG
> 2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_TYPE
> =struct\
> sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../../in
> clude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall -Wm
> issing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedantic 
> -D_THREAD_SAFE   -c t_std_conf.c
>         gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -g -O
> 2 -Wall -Wmissing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow
>  -pedantic -D_THREAD_SAFE   -o t_std_conf t_std_conf.o def_realm.o
> get_krbhst.o realm_dom.o  hst_realm.o init_os_ctx.o locate_kdc.o
> nsglue.o  -lkrb5 -lk5crypto -lcom_err -lkrb5support  -lpthreads
>         gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\
> " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5_PRI
> VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -DHAV
> E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_DN_S
> KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_ATTR
> _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 -DHA
> VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INIT_IN
> _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHA
> VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_
> INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE_RE_
> COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtype=vo
> id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME_ARG
> 2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_TYPE
> =struct\
> sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../../in
> clude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall -Wm
> issing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedantic 
> -D_THREAD_SAFE   -c t_an_to_ln.c
> t_an_to_ln.c: In function `main':
> t_an_to_ln.c:8: warning: `kret' might be used uninitialized in this function
>         gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -g -O
> 2 -Wall -Wmissing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow
>  -pedantic -D_THREAD_SAFE   -o t_an_to_ln t_an_to_ln.o
> an_to_ln.o  -lkrb5 -lk5crypto -lcom_err -lkrb5support  -lpthreads
>         gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\
> " -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_RSEQ=1 -DKRB5_PRI
> VATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DNS_LOOKUP=1 -DHAV
> E_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRESS=1 -DHAVE_DN_S
> KIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -DDESTRUCTOR_ATTR
> _WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAVE_PTHREAD=1 -DHA
> VE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREAD_RWLOCK_INIT_IN
> _THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHA
> VE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_
> INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGCOMP=1 -DHAVE_RE_
> COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -Dkrb5_sigtype=vo
> id -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE=GETSOCKNAME_ARG
> 2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSOCKNAME_ARG2_TYPE
> =struct\
> sockaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../../in
> clude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall -Wm
> issing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedantic 
> -D_THREAD_SAFE   -c t_locate_kdc.c
> t_locate_kdc.c:21: warning: no previous prototype for `kfatal'
> t_locate_kdc.c:27: warning: no previous prototype for `stypename'
> t_locate_kdc.c:43: warning: no previous prototype for `print_addrs'
>         gcc -L../../../lib -Wl,-blibpath:/usr/local/lib::/usr/lib:/lib -g -O
> 2 -Wall -Wmissing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow
>  -pedantic -D_THREAD_SAFE   -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPAC
> KAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DHAVE_BT_R
> SEQ=1 -DKRB5_PRIVATE=1 -DKRB5_DEPRECATED=1 -DKRB5_DNS_LOOKUP_KDC=1 -DKRB5_DN
> S_LOOKUP=1 -DHAVE_RES_SEARCH=1 -DHAVE_NS_INITPARSE=1 -DHAVE_NS_NAME_UNCOMPRE
> SS=1 -DHAVE_DN_SKIPNAME=1 -DDELAY_INITIALIZER=1 -DCONSTRUCTOR_ATTR_WORKS=1 -
> DDESTRUCTOR_ATTR_WORKS=1 -DUSE_LINKER_FINI_OPTION=1 -DENABLE_THREADS=1 -DHAV
> E_PTHREAD=1 -DHAVE_PTHREAD_ONCE=1 -DHAVE_PTHREAD_RWLOCK_INIT=1 -DHAVE_PTHREA
> D_RWLOCK_INIT_IN_THREAD_LIB=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_S
> YS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STR
> INGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_REGC
> OMP=1 -DHAVE_RE_COMP=1 -DHAVE_RE_EXEC=1 -DHAVE_REGEXEC=1 -DPOSIX_SIGTYPE=1 -
> Dkrb5_sigtype=void -DPOSIX_SIGNALS=1 -DHAVE_SA_LEN=1 -DGETPEERNAME_ARG2_TYPE
> =GETSOCKNAME_ARG2_TYPE -DGETPEERNAME_ARG3_TYPE=GETSOCKNAME_ARG3_TYPE -DGETSO
> CKNAME_ARG2_TYPE=struct\
> ckaddr -DGETSOCKNAME_ARG3_TYPE=size_t   -I../../../include -I./../../../incl
> ude  -I../../../include/krb5 -I./../../../include/krb5    -g -O2 -Wall -Wmis
> sing-prototypes -Wcast-qual  -Wcast-align -Wconversion -Wshadow -pedantic -D
> _THREAD_SAFE   -o t_locate_kdc
> t_locate_kdc.o  -lkrb5 -lk5crypto -lcom_err -lkrb5support  -lpthreads
>         KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
> LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
> /:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
> ./t_std_conf  -d -s NEW.DEFAULT.REALM -d  -k IGGY.ORG -k
> EFAULT_REALM.TST  -D DEFAULT_REALM.TST -r bad.idea -r itar.bad.idea  -r
> really.BAD.IDEA. -r clipper.bad.idea -r KeYEsCrOW.BaD.IDea  -r
> pgp.good.idea -r no_domain > test.out
>         cmp test.out ./ref_std_conf.out
>         rm -f test.out
>         KRB5_CONFIG=./td_krb5.conf ; export KRB5_CONFIG ;
> LIBPATH=`echo -L../../../lib | sed -e "s/-L//g" -e "s/
> /:/g"`:/usr/local/lib:/usr/lib:/usr/local/lib; export LIBPATH;
> ./t_locate_kdc ATHENA.MIT.EDU
> looking in krb5.conf for realm ATHENA.MIT.EDU entry kdc; ports 88,750
> config file lookup failed: Profile relation not found
> walking answer list:
>         port=88 host=KERBEROS.MIT.EDU.
> adding hostname KERBEROS.MIT.EDU., ports 88,0, family 0, socktype 2
>         getaddrinfo("KERBEROS.MIT.EDU.", "88", ...)
>         returns 8: Hostname and service name not provided or found
>         port=88 host=KERBEROS-1.MIT.EDU.
> adding hostname KERBEROS-1.MIT.EDU., ports 88,0, family 0, socktype 2
>         getaddrinfo("KERBEROS-1.MIT.EDU.", "88", ...)
>         returns 8: Hostname and service name not provided or found
>         port=88 host=KERBEROS-2.MIT.EDU.
> adding hostname KERBEROS-2.MIT.EDU., ports 88,0, family 0, socktype 2
>         getaddrinfo("KERBEROS-2.MIT.EDU.", "88", ...)
>         returns 8: Hostname and service name not provided or found
> [end]
> krb5int_locate_server found 0 addresses
> t_locate_kdc: Cannot resolve network address for KDC in requested realm -
> exiting
> make: 1254-004 The error code from the last command is 1.
> 
> 
> Stop.
> make: 1254-004 The error code from the last command is 1.
> 
> 
> Stop.
> make: 1254-004 The error code from the last command is 1.
> 
> 
> Stop.
> make: 1254-004 The error code from the last command is 1.
> 
> ____________________________________________
> Claus Lund
> Systems Developer
> 
> Department of Taxes
> Information Systems
> 109 State Street
> Montpelier, Vermont 05609
> (802) 828-3735
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


More information about the Kerberos mailing list