Cannot contact KDC
Diego Alencar Alves de Lima
diegolima.br at gmail.com
Wed Oct 4 22:22:07 EDT 2006
Hello,
I'm setting up a Debian server with kerberos and I'm having the following
error when I try to get a ticket: "Cannot contact any KDC for requested realm
while getting initial credentials".
Here are the steps I've taken so far:
1. # apt-get install libcomerr2 libkrb53 krb5-user krb5-kdc krb5-admin-server krb5-config
2. Edit my /etc/krb5.conf and /etc/krb5kdc/kdc.conf (I'm attaching at the end)
3. # krb5_newrealm
4. Edit my /etc/krb5kdc/kadm5.acl
5. # kadmin.local -q "addprinc diego/admin"
6. # /etc/init.d/krb5-admin-server restart; /etc/init.d/krb5-kdc restart
7. kinit diego
Then I get the error message. When I use "# kinit -v diego" I get this error:
kinit(v5): No credentials cache found while validating credentials
Any help is more than welcome. Here are my configuration files:
--------------------------------------------------------------------------------------------------------------------
krb5.conf
--------------------------------------------------------------------------------------------------------------------
[logging]
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmin.log
default = FILE:/var/log/kerberos/krb5lib.log
[libdefaults]
ticket_lifetime = 24000
default_realm = SG.ORG.BR
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
SG.ORG.BR = {
kdc = localhost:88
admin_server = localhost:749
default_domain = sg.org.br
}
[domain_realm]
.sg.org.br = SG.ORG.BR
sg.org.br = SG.ORG.BR
[kdc]
profile = /etc/krb5kdc/kdc.conf
[appdefaults]
pam = {
krb4_convert = false
forwardable = true
renewable = true
}
--------------------------------------------------------------------------------------------------------------------
kdc.conf
--------------------------------------------------------------------------------------------------------------------
[kdcdefaults]
kdc_ports = 750,88
[realms]
SG.ORG.BR = {
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
des:normal des:v4 des:norealm des:onlyrealm des:afs3
default_principal_flags = +preauth
}
--------------------------------------------------------------------------------------------------------------------
kadm5.acl
--------------------------------------------------------------------------------------------------------------------
*/admin *
--------------------------------------------------------------------------------------------------------------------
--
Diego Lima
http://sg.homelinux.com:81
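
An added example, not part of the original message: a small parser for the krb5 profile format used by the two files above, checking that each kdc entry for the default realm in krb5.conf points at a port listed in that realm's kdc_ports in kdc.conf, and listing single-DES enctypes. The sample strings are constructed from the relevant lines of the post; the function names and the fallback to port 88 when no port is given are assumptions of this example.

```python
# Constructed sample: the relevant lines of the two files quoted in the post.
KRB5_CONF = """[libdefaults]
default_realm = SG.ORG.BR
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
SG.ORG.BR = {
kdc = localhost:88
}
"""
KDC_CONF = """[kdcdefaults]
kdc_ports = 750,88
[realms]
SG.ORG.BR = {
kdc_ports = 750,88
}
"""

def parse_profile(text):
    """Parse krb5 profile text into {section: {key: [values] | {subkey: [values]}}}."""
    root, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):          # [section] header closes any open block
            section, block = root.setdefault(line.strip("[]"), {}), None
        elif line == "}":                 # end of a "REALM = {" block
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                target = block if block is not None else section
                target.setdefault(key, []).append(value)
    return root

def check(krb5_text, kdc_text):
    """Return (default_realm, findings) for a client/KDC configuration pair."""
    client, server = parse_profile(krb5_text), parse_profile(kdc_text)
    realm = client["libdefaults"]["default_realm"][0]
    realm_cfg = server.get("realms", {}).get(realm, {})
    # Assumption: port 88 when kdc_ports or the client-side port is absent.
    ports = set(realm_cfg.get("kdc_ports", ["88"])[0].replace(",", " ").split())
    findings = [f"{kdc}: port not in kdc_ports {sorted(ports)}"
                for kdc in client["realms"][realm].get("kdc", [])
                if (kdc.partition(":")[2] or "88") not in ports]
    findings += [f"{enc}: single-DES enctype"
                 for enc in client["libdefaults"].get("default_tkt_enctypes", [""])[0].split()
                 if enc.startswith("des-")]
    return realm, findings
```

On the sample, the kdc port in krb5.conf matches kdc_ports, so the only finding is the des-cbc-crc enctype.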