adding keys to the client database

Maxwell Bottiger sleepylight at gmail.com
Thu Sep 1 00:51:59 EDT 2005


Hi.

My venture into kerberos setups is going pretty well so far. I've been able 
to build a KDC, connect to it, and add keys for my users and for my hosts. 
Now however, I'm running into big problems trying to install the keys onto 
the client machines. The tutorial I'm following says that after I create the 
host keys I should run:

ktadd -k /etc/krb5.keytab host/blah.example.com <http://blah.example.com>

from inside the client side kadmin program. I've done that, but it's not 
working right. Here's a transcrip of my session:

[root at minitop ~]# kadmin
Authenticating as principal root/admin at XXXXXXXXXX.NET with password.
Password for root/admin at XXXXXXXXXXX.NET:
kadmin: ktadd -k /etc/krb5.keytab host/minitop.xxxxxxxxxxx.net
kadmin: Insufficient access to lock database while changing 
host/minitop.xxxxxxxxxxx.net's key
kadmin: q

I also get this same insufficient access message when I try to change user 
passwords with kpasswd. I've looked on google but haven't found much of 
anything. Has anyone else run into this problem?


More information about the Kerberos mailing list