AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested

Christoph Weizen cwei at gmx.net
Tue Nov 8 14:12:27 EST 2005


Hi list,

kinit (krb5 1.4.2) on an AIX 5.3 gives me
# /usr/local/bin/kinit -k -t foobar.keytab foobar/foo.example.net@EXAMPLE.NET
kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials

From a working Linux krb5 1.4.2 installation I copied /etc/krb5.conf 
and foobar.keytab to AIX 5.3. The following steps don't differ from the 
steps I did under Linux.

# ./configure --without-krb4 --enable-shared
# make && make install

Using gcc 3.3.2.
I found a patch for krb5 1.4.1 for AIX 5.2 from Ken Raeburn, but as far 
as I see it is fixed in 1.4.2.

My krb5.conf looks like this:
[libdefaults]
         default_realm = EXAMPLE.NET
         clockskew = 300

[realms]
         EXAMPLE.NET = {
                 kdc = foo.example.net:88
                 admin_server = foo.example.net:749
                 default_domain = example.net
                 kpasswd_server = foo.example.net
         }

[domain_realm]
         .example.net = EXAMPLE.NET
         example.net = EXAMPLE.NET

[logging]
         default = SYSLOG:NOTICE:DAEMON
         kdc = FILE:/var/log/kdc.log
         kadmind = FILE:/var/log/kadmind.log

[appdefaults]
         pam = {
                 ticket_lifetime = 1d
                 renew_lifetime = 1d
                 forwardable = true
                 proxiable = false
                 retain_after_close = false
                 minimum_uid = 0
                 debug = false
         }

Trying to analyze with tcpdump, I see DNS queries for A, AAAA, and AAAA 
with my domain name doubled, and then the same again from the beginning.
The A record is answered correctly, the AAAA can't be (no IPv6).

13:00:09.595177 10.20.30.56.41629 > bar.example.net.domain: [udp sum ok] 
  65423+ A? foo.example.net. (34) (ttl 30, id 30399, len 62)
13:00:09.595729 bar.example.net.domain > 10.20.30.56.41629: [udp sum ok] 
  65423* q: A? foo.example.net. 1/2/2 foo.example.net. A foo.example.net 
ns: example.net. NS bar.example.net., example.net. NS bar2.example.net. 
ar: bar.example.net. A bar.example.net, bar2.example.net. A 
bar2.example.net (128) (ttl 30, id 35101, len 156)
13:00:09.597500 10.20.30.56.41630 > bar.example.net.domain: [udp sum ok] 
  65424+ AAAA? foo.example.net. (34) (ttl 30, id 30400, len 62)
13:00:09.597886 bar.example.net.domain > 10.20.30.56.41630: [udp sum ok] 
  65424* q: AAAA? foo.example.net. 0/1/0 ns: example.net. SOA 
bar.example.net. tux.example.net. 2005110800 14400 600 259200 86400 (87) 
(ttl 30, id 35102, len 115)
13:00:09.597928 10.20.30.56.41630 > bar.example.net.domain: [udp sum ok] 
  65425+ AAAA? foo.example.net.example.net. (42) (ttl 30, id 30401, len 70)
13:00:09.598273 bar.example.net.domain > 10.20.30.56.41630: [udp sum ok] 
  65425 NXDomain* q: AAAA? foo.example.net.example.net. 0/1/0 ns: 
example.net. SOA bar.example.net. tux.example.net. 2005110800 14400 600 
259200 86400 (95) (ttl 30, id 35103, len 123)
13:00:09.600003 10.20.30.56.41631 > bar.example.net.domain: [udp sum ok] 
  65426+ A? foo.example.net. (34) (ttl 30, id 30402, len 62)
13:00:09.600473 bar.example.net.domain > 10.20.30.56.41631: [udp sum ok] 
  65426* q: A? foo.example.net. 1/2/2 foo.example.net. A foo.example.net 
ns: example.net. NS bar2.example.net., example.net. NS bar.example.net. 
ar: bar.example.net. A bar.example.net, bar2.example.net. A 
bar2.example.net (128) (ttl 30, id 35104, len 156)
13:00:09.602076 10.20.30.56.41632 > bar.example.net.domain: [udp sum ok] 
  65427+ AAAA? foo.example.net. (34) (ttl 30, id 30403, len 62)
13:00:09.602478 bar.example.net.domain > 10.20.30.56.41632: [udp sum ok] 
  65427* q: AAAA? foo.example.net. 0/1/0 ns: example.net. SOA 
bar.example.net. tux.example.net. 2005110800 14400 600 259200 86400 (87) 
(ttl 30, id 35105, len 115)
13:00:09.602520 10.20.30.56.41632 > bar.example.net.domain: [udp sum ok] 
  65428+ AAAA? foo.example.net.example.net. (42) (ttl 30, id 30404, len 70)
13:00:09.602894 bar.example.net.domain > 10.20.30.56.41632: [udp sum ok] 
  65428 NXDomain* q: AAAA? foo.example.net.example.net. 0/1/0 ns: 
example.net. SOA bar.example.net. tux.example.net. 2005110800 14400 600 
259200 86400 (95) (ttl 30, id 35106, len 123)

Up to here, Linux contacts my KDC, AIX 5.3 does not. "Cannot resolve network 
address for KDC..."

Did I miss something?

cheers,
Christoph
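
A resolver probe for the symptom reported above, added here as an example and not part of the original post or of krb5: it calls getaddrinfo() for the KDC host once per address family, so the system resolver can be checked independently of kinit. The function name probe() and the idea that the address family matters are assumptions to test; the post does not establish the cause.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>

/* Hypothetical helper: resolve host:port for one address family.
 * Returns the number of addresses found, or -1 if getaddrinfo()
 * failed; *gai_err then holds the EAI_* code. */
int probe(const char *host, const char *port, int family, int socktype,
          int *gai_err)
{
    struct addrinfo hints, *res = NULL, *p;
    char buf[INET6_ADDRSTRLEN];
    int n = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;
    hints.ai_socktype = socktype;
    *gai_err = getaddrinfo(host, port, &hints, &res);
    if (*gai_err != 0)
        return -1;
    for (p = res; p != NULL; p = p->ai_next, n++) {
        const void *a = (p->ai_family == AF_INET6)
            ? (const void *)&((struct sockaddr_in6 *)p->ai_addr)->sin6_addr
            : (const void *)&((struct sockaddr_in *)p->ai_addr)->sin_addr;
        if (inet_ntop(p->ai_family, a, buf, sizeof buf) != NULL)
            printf("    %s\n", buf);
    }
    freeaddrinfo(res);
    return n;
}

int main(int argc, char **argv)
{
    /* Defaults are the host and port from the krb5.conf in the post. */
    const char *host = argc > 1 ? argv[1] : "foo.example.net";
    const char *port = argc > 2 ? argv[2] : "88";
    const int fams[] = { AF_UNSPEC, AF_INET, AF_INET6 };
    const char *names[] = { "AF_UNSPEC", "AF_INET", "AF_INET6" };
    int i, err;

    for (i = 0; i < 3; i++) {
        printf("%s:\n", names[i]);
        if (probe(host, port, fams[i], SOCK_DGRAM, &err) < 0)
            printf("    failed: %s\n", gai_strerror(err));
    }
    return 0;
}
```

If AF_INET returns the address while AF_UNSPEC fails on the same host, the failure is in the system resolver's handling of the unanswered AAAA lookups, not in krb5.conf or the keytab.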

