kinit(v5): Cannot contact any KDC for requested ...

Chittaranjan Mandal Chittaranjan.Mandal at iitkgp.ac.in
Mon Aug 13 11:19:36 EDT 2007


On Mon, 2007-08-13 at 09:38 -0400, Kevin Coffman wrote:
> On 12 Aug 2007 16:27:22 +0530, Chittaranjan Mandal <Chittaranjan.Mandal at iitkgp.ac.in> wrote:

> > I am trying to set up Kerberos, but I am getting the above problem.
> > My krb5.conf file is attached. Could you please help?
> >
> > I had run the following commands.
> > # kdb5_util create -r chitta.cse.krb -s
> > # kadmin.local -q "addprinc admin/admin"
> > # kadmin.local -q "addprinc kuser"
> > # kadmin.local -q "getprincs"
> 
> These commands create the database.  Are you actually running the kdc process?
> 
> BTW, realm names are conventionally all upper-case.

Okay, this is what I have now. Both kinit and kadmin still fail.

# kdb5_util create -r CHITTA.CSE.KRB -s
# kadmin.local -q "addprinc admin/admin"
# kadmin.local -q "addprinc kuser"
# kadmin.local -q "getprincs"
Authenticating as principal root/admin@CHITTA.CSE.KRB with password.
K/M@CHITTA.CSE.KRB
admin/admin@CHITTA.CSE.KRB
kadmin/admin@CHITTA.CSE.KRB
kadmin/changepw@CHITTA.CSE.KRB
kadmin/history@CHITTA.CSE.KRB
kadmin/localhost@CHITTA.CSE.KRB
krbtgt/CHITTA.CSE.KRB@CHITTA.CSE.KRB
kuser@CHITTA.CSE.KRB

# /etc/init.d/krb5server restart
Stopping Kerberos 5 Admin Server:                               [  OK  ]
Stopping Kerberos 5 KDC:                                        [  OK  ]
Starting Kerberos 5 KDC:                                        [  OK  ]
Starting Kerberos 5 Admin Server:                               [  OK  ]
# /etc/init.d/krb5server status
krb5kdc (pid 10777) is running...
kadmind (pid 10788) is running...
krb524d is stopped

# kinit
kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials

# kadmin
Authenticating as principal root/admin@CHITTA.CSE.KRB with password.
kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface

# host chitta.cse.iitkgp.ernet.in
chitta.cse.iitkgp.ernet.in has address ... (resolves to a private 10.0.0.0 address)

The files kdc.conf and krb5.conf are attached.

-- 
Chitta Mandal <chitta at iitkgp.ac.in>
IIT Kharagpur
-------------- next part --------------
[kdcdefaults]
 kdc_ports = 88
 acl_file = /etc/kerberos/krb5kdc/kadm5.acl
 dict_file = /usr/share/dict/words
 admin_keytab = /etc/kerberos/krb5kdc/kadm5.keytab

[realms]
 CHITTA.CSE.KRB = {
  master_key_type = des3-hmac-sha1
  supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  profile = /etc/krb5.conf
  database_name = /etc/kerberos/krb5kdc/principal
  admin_database_name = /etc/kerberos/krb5kdc/kadm5_adb
  admin_database_lockfile = /etc/kerberos/krb5kdc/kadm5_adb.lock
  admin_keytab = FILE:/etc/kerberos/krb5kdc/kadm5.keytab
  acl_file = /etc/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  key_stash_file = /etc/kerberos/krb5kdc/.k5stash
  kdc_ports = 88
  kadmind_port = 749
  max_life = 10h 0m 0s
  max_renewable_life = 7d 0h 0m 0s
 }
-------------- next part --------------
[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log
 default = SYSLOG:INFO:USER

[libdefaults]
 ticket_lifetime = 24000
 default_realm = CHITTA.CSE.KRB
 default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
 permitted_enctypes = des3-hmac-sha1 des-cbc-crc
 dns_lookup_realm = false
 dns_lookup_kdc = true
 kdc_req_checksum_type = 2
 checksum_type = 2
 ccache_type = 1
 forwardable = true
 proxiable = true

[realms]
 CHITTA.CSE.KRB = {
  kdc = chitta.cse.iitkgp.ernet.in:88
  admin_server = chitta.iitkgp.ernet.in:749
  default_domain = cse.iitkgp.ernet.in
 }

[domain_realm]
  .cse.iitkgp.ernet.in       = CHITTA.CSE.KRB
  chitta.cse.iitkgp.ernet.in = CHITTA.CSE.KRB

[kdc]
 profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false

 [login]
 krb4_convert = false
 krb4_get_tickets = false

