multiple realm setup
Kanika Malhotra
kmalhotr at gmail.com
Wed Feb 7 21:06:20 EST 2007
Hello,
I have been trying to set up multiple realm support in a single KDC but keep
encountering the same error -
krb5kdc: Cannot find master key record in database - while verifying master key for realm <realm2>
I followed the following steps -
created a krb5.conf
[libdefaults]
default_realm = REALM1
[realms]
REALM1 = {
admin_server = server1
kdc = server1
}
REALM2 = {
admin_server = server2
kdc = server2
}
created a kdc.conf
[kdcdefaults]
kdc_ports = 88
[realms]
<REALM1> = {
database_name = /var/db/krb5kdc/principal
admin_keytab = FILE:/var/db/krb5kdc/kadm5.keytab
acl_file = /var/db/krb5kdc/kadm5.acl
kadmin_port = 748
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac-md5:normal des-cbc-crc:normal des-cbc-crc:v4
kdc_supported_enctypes = des3-hmac-sha1:normal arcfour-hmac-md5:normal des-cbc-crc:normal des-cbc-crc:v4
}
<REALM2> = {
database_name = /var/db/krb5kdc/realm2/principal
admin_keytab = FILE:/var/db/krb5kdc/realm2/kadm5.keytab
admin_database_name = /var/db/krb5kdc/realm2/principal.kadm5
admin_database_lockfile = /var/db/krb5kdc/realm2/principal.kadm5.lock
acl_file = /var/db/krb5kdc/realm2/kadm5.acl
kadmin_port = 748
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac-md5:normal des-cbc-crc:normal des-cbc-crc:v4
kdc_supported_enctypes = des3-hmac-sha1:normal arcfour-hmac-md5:normal des-cbc-crc:normal des-cbc-crc:v4
}
ran kdb5_util
kdb5_util -r REALM2 -d /var/db/krb5kdc/realm2/principal create
kdb5_util -r REALM1 -d /var/db/krb5kdc/principal create
but when I run krb5kdc -r REALM1 -r REALM2
I get the error
krb5kdc: Cannot find master key record in database - while verifying master key for realm REALM2
Any pointers as to what I am missing would be appreciated.
Thanks
K