KADMIN error

Tom Yu tlyu at MIT.EDU
Thu Feb 3 13:15:54 EST 2005

>>>>> "Dennis" == Dennis Davis <D.H.Davis at bath.ac.uk> writes:

Dennis> Well, I'm not concerned about obfuscating kerberos entries.  I see
Dennis> the following log entry on my test server:

Dennis> Feb 03 13:45:09 ancho.bath.ac.uk krb5kdc[17597](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) SERVER_NOT_FOUND: ccsdhd/admin at BATH.AC.UK for kadmin/ancho.bath.ac.uk at BATH.AC.UK, Server not found in Kerberos database

Dennis> This looks wrong to me.  It shouldn't be requesting the
Dennis> kadmin/ancho.bath.ac.uk at BATH.AC.UK principal.  That would be
Dennis> associated with the machine acting as the kerberos server.  Instead
Dennis> it should be requesting the kadmin/admin at BATH.AC.UK principal which
Dennis> is what the 1.3.6 kadmin client does.  This would also tally up with
Dennis> the "Required KADM5 principal missing" message.

Ok, that is very useful information to have.  The host-based kadmin
principal name was a 1.4 change for SEAM compatibility.  It should
fall back to kadmin/admin but does not appear to at the moment.  I'll
investigate further.


More information about the Kerberos mailing list