kinit(v5): Cannot contact any KDC for requested ...
Chittaranjan Mandal
Chittaranjan.Mandal at iitkgp.ac.in
Mon Aug 13 11:19:36 EDT 2007
On Mon, 2007-08-13 at 09:38 -0400, Kevin Coffman wrote:
> On 12 Aug 2007 16:27:22 +0530, Chittaranjan Mandal <Chittaranjan.Mandal at iitkgp.ac.in> wrote:
> > I am trying to setup kerberos, but I am getting the above problem.
> > My krb5.conf file is attached. Could you please help.
> >
> > I had run the following commands.
> > # kdb5_util create -r chitta.cse.krb -s
> > # kadmin.local -q "addprinc admin/admin"
> > # kadmin.local -q "addprinc kuser"
> > # kadmin.local -q "getprincs"
>
> These commands create the database. Are you actually running the kdc process?
>
> BTW, realm names are conventionally all upper-case.

Okay, this is what I have now. Both kinit and kadmin still fail.

# kdb5_util create -r CHITTA.CSE.KRB -s
# kadmin.local -q "addprinc admin/admin"
# kadmin.local -q "addprinc kuser"
# kadmin.local -q "getprincs"
Authenticating as principal root/admin at CHITTA.CSE.KRB with password.
K/M at CHITTA.CSE.KRB
admin/admin at CHITTA.CSE.KRB
kadmin/admin at CHITTA.CSE.KRB
kadmin/changepw at CHITTA.CSE.KRB
kadmin/history at CHITTA.CSE.KRB
kadmin/localhost at CHITTA.CSE.KRB
krbtgt/CHITTA.CSE.KRB at CHITTA.CSE.KRB
kuser at CHITTA.CSE.KRB
# /etc/init.d/krb5server restart
Stopping Kerberos 5 Admin Server: [ OK ]
Stopping Kerberos 5 KDC: [ OK ]
Starting Kerberos 5 KDC: [ OK ]
Starting Kerberos 5 Admin Server: [ OK ]
# /etc/init.d/krb5server status
krb5kdc (pid 10777) is running...
kadmind (pid 10788) is running...
krb524d is stopped
# kinit
kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
# kadmin
Authenticating as principal root/admin at CHITTA.CSE.KRB with password.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
# host chitta.cse.iitkgp.ernet.in
chitta.cse.iitkgp.ernet.in has address ... (resolves to a private 10.0.0.0 address)
The files kdc.conf and krb5.conf are attached.
--
Chitta Mandal <chitta at iitkgp.ac.in>
IIT Kharagpur
-------------- next part --------------
[kdcdefaults]
kdc_ports = 88
acl_file = /etc/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /etc/kerberos/krb5kdc/kadm5.keytab
[realms]
CHITTA.CSE.KRB = {
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
profile = /etc/krb5.conf
database_name = /etc/kerberos/krb5kdc/principal
admin_database_name = /etc/kerberos/krb5kdc/kadm5_adb
admin_database_lockfile = /etc/kerberos/krb5kdc/kadm5_adb.lock
admin_keytab = FILE:/etc/kerberos/krb5kdc/kadm5.keytab
acl_file = /etc/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
key_stash_file = /etc/kerberos/krb5kdc/.k5stash
kdc_ports = 88
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
}
-------------- next part --------------
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
default = SYSLOG:INFO:USER
[libdefaults]
ticket_lifetime = 24000
default_realm = CHITTA.CSE.KRB
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = true
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
CHITTA.CSE.KRB = {
kdc = chitta.cse.iitkgp.ernet.in:88
admin_server = chitta.iitkgp.ernet.in:749
default_domain = cse.iitkgp.ernet.in
}
[domain_realm]
.cse.iitkgp.ernet.in = CHITTA.CSE.KRB
chitta.cse.iitkgp.ernet.in = CHITTA.CSE.KRB
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false
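
An added example, not part of the original message and not MIT krb5 code: a small Python checker for the krb5.conf format attached above. It parses the profile and reports two things visible in the posted file, an admin_server hostname that differs from the kdc hostname and single-DES enctypes in the enctype lists; `parse_profile`, `host_of` and `check` are hypothetical names, and the sample text is constructed from the posted file.

```python
# Constructed sample: part of the [libdefaults] and [realms] sections posted above.
SAMPLE = """\
[libdefaults]
 default_realm = CHITTA.CSE.KRB
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
 CHITTA.CSE.KRB = {
  kdc = chitta.cse.iitkgp.ernet.in:88
  admin_server = chitta.iitkgp.ernet.in:749
 }
"""
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single DES

def parse_profile(text):
    """Parse krb5.conf text into {section: {key: [values] | {subkey: [values]}}}."""
    profile, section, sub = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section, sub = profile.setdefault(line[1:-1], {}), None
        elif line == "}":
            sub = None  # end of a realm block
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                sub = section.setdefault(key, {})  # start of a realm block
            else:
                target = sub if sub is not None else section
                target.setdefault(key, []).append(value)
    return profile

def host_of(value):
    # Drop an optional :port suffix (hostnames and IPv4 only, an assumption here).
    return value.rsplit(":", 1)[0].lower()

def check(text):
    """Return a list of findings for the default realm (hypothetical helper)."""
    profile = parse_profile(text)
    lib = profile.get("libdefaults", {})
    realm = lib.get("default_realm", [""])[0]
    entry = profile.get("realms", {}).get(realm)
    if not isinstance(entry, dict):
        return [f"no [realms] block for default_realm {realm!r}"]
    kdcs = {host_of(v) for v in entry.get("kdc", [])}
    findings = [] if kdcs else ["no kdc listed for " + realm]
    for host in sorted({host_of(v) for v in entry.get("admin_server", [])} - kdcs):
        findings.append(f"admin_server host {host} is not among kdc hosts {sorted(kdcs)}")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"):
        weak = WEAK_ENCTYPES & set(" ".join(lib.get(key, [])).split())
        if weak:
            findings.append(f"{key} allows single DES: {sorted(weak)}")
    return findings
```

To run it against a real file, pass `open("/etc/krb5.conf").read()` to `check`; the checks are purely textual and make no DNS or network queries.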