Kerberos-1.3.5 installation problems

swaminas@redwood.cs.ttu.edu swaminas at redwood.cs.ttu.edu
Tue Jan 4 19:03:41 EST 2005 

Hi,
   I am a newbie trying to install kerberos-1.3.5 on a Redhat Linux ES
2.0.( Actually my goal is to install krb, cyrus-sasl and cyrus-imap
server). I tried to install by following the instructions on the
kerberos installation guide. here is a list of steps i have taken.

1. ./configure
2. make
3. make check
4. make install

( though my ./configure and make commands didnt return any error messages,
krb5.conf and kdc.conf were not found. I had to manually create these 2
files. I have copies of these 2 files at the end).
5. kdb5_util create -r ABC.COM -s  ( ran succesfully)

6. I checked for the 5 files under /usr/local/var/krb5kdc and found them.
My krb5.conf file looks like this

7. added the following to the acl file:

*/admin at ABC.COM  *
userwithadmin at ABC.COM  ADMCIL
userwithadmin/*@ABC.COM il */root at ABC.COM
*@ABC.COM cil *1/admin at ABC.COM

8. ran kadmin.local: addprinc admin/admin at ABC.COM
    got the response---Principal "admin/admin at ABC.COM" created.

9. ran kadmin.local: addprinc root/admin at ABC.COM
    got the response---Principal "root/admin at ABC.COM" created.
10. created a kadmind keytab

11. started krb5kdc and kadmind deamon.

12.( I didnt have to install the slave kdc's so skipped most of the
remaining sections)

13.now when i try to run kadmin or kinit , i get the following response
 ----kinit(v5): Cannot contact any KDC for requested realm while getting
initial credentials

 Any help that could guide me to to figure out the problem is greatly
appreciated.

APPENDIX:

krb5.conf file looks like this:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = ABC.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 ABC.COM = {
  kdc = xyz.abc.com:88
  admin_server = xyz.abc.com.com:749
  default_domain = abc.com
 }

[domain_realm]
 .abc.com = ABC.COM
 abc.com = ABC.COM

[kdc]
 profile = /usr/local/var/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false


My kdc.conf looks like this:

[kdcdefaults]
	kdc_ports = 750,88

[realms]
	ABC.COM = {
		database_name = /usr/local/var/krb5kdc/principal
		admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
		acl_file = /usr/local/var/krb5kdc/kadm5.acl
		key_stash_file = /usr/local/var/krb5kdc/.k5.ABC.COM
		kdc_ports = 750,88
		kadmind_port = 749
		max_life = 10h 0m 0s
		max_renewable_life = 7d 0h 0m 0s
	}
[logging]
	kdc = FILE:/usr/local/var/krb5kdc/kdc.log
	admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log


-Regards,
Santhosh

More information about the Kerberos mailing list