MIT Kerberos & Fedora DS

Pablo Cuenca pablo.cuenca at map.es
Wed Aug 29 05:42:38 EDT 2007 

Hello,

   has anybody succeeded in installing MIT Kerberos implementation using 
FedoraDS as
LDAP repository ?
    In the tests we're performing neither kadmin.local nor krb5kdc 
starts although we have been
able to create the database with kdb5_ldap_util. The error we're getting is:

prueba-sso[root]:/opt/kerberos-mit/prod>sbin/kadmin.local
Authenticating as principal root/admin at PRUEBA-SSO.MAP.ES with password.
kadmin.local: Server error while initializing kadmin.local interface

our krb5.conf:

[libdefaults]
        default_realm = PRUEBA-SSO.MAP.ES

        default_keytab_name = FILE:/opt/kerberos-mit/prod/var/krb5.keytab
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
        dns_lookup_kdc = true
        dns_lookup_realm = false

[realms]
        PRUEBA-SSO.MAP.ES = {
                master_kdc = localhost
                kdc = localhost
                database_module = openldap_ldapconf
        }

[domain_realm]

.zona.prueba-sso.map.es = PRUEBA-SSO.MAP.ES
zona.prueba-sso.map.es = PRUEBA-SSO.MAP.ES

[logging]

    default = FILE:/opt/kerberos-mit/prod/var/log/krb5-default.log
    kdc = FILE:/opt/kerberos-mit/prod/var/log/kdc.log
    admin_server = FILE:/opt/kerberos-mit/prod/var/log/kadmind.log

[dbdefaults]
         ldap_kerberos_container_dn = cn=krbcontainer,dc=map,dc=es

[dbmodules]
        db_module_dir = /opt/kerberos-mit/prod/lib/krb5/plugins

    openldap_ldapconf = {
        dbname = ldap
        db_library = kldap
        ldap_kerberos_container_dn = cn=krbcontainer,dc=map,dc=es

        ldap_kdc_dn = "cn=admin,dc=map,dc=es"
        ldap_kadmind_dn = "cn=admin,dc=map,dc=es"

        #ldap_service_password_file = 
/opt/kerberos-mit/prod/var/service.keyfile
        ldap_service_password_file = /etc/kerberos/service.keyfile
        ldap_servers = ldap://localhost
        ldap_conns_per_server = 5
    }

Entries in FedoraDS are:

 >ldapsearch -LLL -x -b cn=krbcontainer,dc=map,dc=es  dn
dn: cn=krbcontainer,dc=map,dc=es

dn: cn=PRUEBA-SSO.MAP.ES,cn=krbcontainer,dc=map,dc=es

dn: 
krbprincipalname=K/M at PRUEBA-SSO.MAP.ES,cn=PRUEBA-SSO.MAP.ES,cn=krbcontaine
 r,dc=map,dc=es

dn: 
krbprincipalname=krbtgt/PRUEBA-SSO.MAP.ES at PRUEBA-SSO.MAP.ES,cn=PRUEBA-SSO.
 MAP.ES,cn=krbcontainer,dc=map,dc=es

dn: 
krbprincipalname=kadmin/admin at PRUEBA-SSO.MAP.ES,cn=PRUEBA-SSO.MAP.ES,cn=kr
 bcontainer,dc=map,dc=es

dn: 
krbprincipalname=kadmin/changepw at PRUEBA-SSO.MAP.ES,cn=PRUEBA-SSO.MAP.ES,cn
 =krbcontainer,dc=map,dc=es

dn: 
krbprincipalname=kadmin/history at PRUEBA-SSO.MAP.ES,cn=PRUEBA-SSO.MAP.ES,cn=
 krbcontainer,dc=map,dc=es

dn: 
krbprincipalname=kadmin/prueba-sso.map.es at PRUEBA-SSO.MAP.ES,cn=PRUEBA-SSO.
 MAP.ES,cn=krbcontainer,dc=map,dc=es


log for kadmin is empty.

MIT Kerberos Version is: 1.6.2
FedoraDS Version: 1.0.4-1.RHEL4


Thanks

More information about the Kerberos mailing list