KADMIN error
Tom Yu
tlyu at MIT.EDU
Thu Feb 3 13:15:54 EST 2005
>>>>> "Dennis" == Dennis Davis <D.H.Davis at bath.ac.uk> writes:
Dennis> Well, I'm not concerned about obfuscating kerberos entries. I see
Dennis> the following log entry on my test server:
Dennis> Feb 03 13:45:09 ancho.bath.ac.uk krb5kdc[17597](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 138.38.32.80: SERVER_NOT_FOUND: ccsdhd/admin at BATH.AC.UK for kadmin/ancho.bath.ac.uk at BATH.AC.UK, Server not found in Kerberos database
Dennis> This looks wrong to me. It shouldn't be requesting the
Dennis> kadmin/ancho.bath.ac.uk at BATH.AC.UK principal. That would be
Dennis> associated with the machine acting as the kerberos server. Instead
Dennis> it should be requesting the kadmin/admin at BATH.AC.UK principal which
Dennis> is what the 1.3.6 kadmin client does. This would also tally up with
Dennis> the "Required KADM5 principal missing" message.
Ok, that is very useful information to have. The host-based kadmin
principal name was a 1.4 change for SEAM compatibility. It should
fall back to kadmin/admin but does not appear to at the moment. I'll
investigate further.
---Tom
More information about the Kerberos
mailing list