KADMIN error

[Mike Dopheide]

While testing 1.4 we are seeing this same error with kadmin.  So far it 
seems to be only a kadmin client issue and happens regardless of whether 
the server is running 1.3.5, 1.3.6, or 1.4.  

The 1.3.5 and 1.3.6 kadmin clients work fine.  Has anyone else seen this 
issue?

I hope to find time to do more testing later this week.

-Mike


> [root at hosthidden root]# kadmin
> 
> Authenticating as principal userhidden/admin at EXAMPLE.COM with password.
> 
> kadmin: Database error! Required KADM5 principal missing while initializing
> kadmin interface
> 
> [root at hosthidden root]# kadmin.local
> 
> Authenticating as principal userhidden/admin at EXAMPLE.COM with password.
> 
> kadmin.local:  exit
> 
> [root at hosthidden root]#
> 
>  
> 
> Log output
> 
>  
> 
> Jan 11 20:38:01 hosthidden krb5kdc[1564](info): AS_REQ (3 etypes {16 3 1})
> x.x.x.x(88): SERVER_NOT_FOUND: userhidden/admin at EXAMPLE.COM for
> kadmin/admin at EXAMPLE.COM, Server not found in Kerberos database
> 
>  
> 
> Krb5.conf
> 
>  
> 
> [logging]
> 
>  default = FILE:/var/log/krb5libs.log
> 
>  kdc = FILE:/var/log/krb5kdc.log
> 
>  admin_server = FILE:/var/log/kadmind.log
> 
>  
> 
> [libdefaults]
> 
>  ticket_lifetime = 24000
> 
>  default_realm = EXAMPLE.COM
> 
>  dns_lookup_realm = true
> 
>  dns_lookup_kdc = true
> 
>  
> 
> [realms]
> 
>  EXAMPLE.COM = {
> 
>   kdc = hosthidden.example.com
> 
>   admin_server = hosthidden.example.com
> 
>   default_domain = example.com
> 
>  }
> 
>  
> 
> [domain_realm]
> 
>  .example.com = EXAMPLE.COM
> 
>  example.com = EXAMPLE.COM
> 
>  
> 
> [kdc]
> 
>  profile = /var/kerberos/krb5kdc/kdc.conf
> 
>  
> 
> [appdefaults]
> 
>  pam = {
> 
>    debug = false
> 
>    ticket_lifetime = 36000
> 
>    renew_lifetime = 36000
> 
>    forwardable = true
> 
>    krb4_convert = false
> 
>  }
> 
>  
> 
> Kdc.conf
> 
>  
> 
> [kdcdefaults]
> 
>  acl_file = /var/kerberos/krb5kdc/kadm5.acl
> 
>  dict_file = /usr/share/dict/words
> 
>  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
> 
> kdc_ports = 88
> 
>  v4_mode = nopreauth
> 
>  
> 
> [realms]
> 
> EXAMPLE.COM = {
> 
>   master_key_type = des-cbc-crc
> 
>   supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm
> des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal
> des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3
> des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4
> des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm
> des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal
> des-cbc-sha1:norealm des-cbc-sha1:onlyrealm
> 
>  }
> 
>  
> 
>  
> 
> /etc/hosts/
> 
>  
> 
> # Do not remove the following line, or various programs
> 
> # that require network functionality will fail.
> 
> 127.0.0.1               localhost.localdomain localhost
> 
> x.x.x.x          hosthidden.example.com
> 
>  
> 
> resolv.conf
> 
> domain example.com
> 
> search example.com phx-dc.example.com ncc.example.com
> 
> nameserver x.x.x.x
> 
> nameserver x.x.x.x
> 
> nameserver x.x.x.x
> 
>  
> 
> Please help.
> 
>  
> 
> Kim Sassaman
> 
> CISSP CCNP
> 
> "Research is what I am doing when I am not sure what I am doing" - Wernher
> Von Braun
> 
>  
> 
>  
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

--