Cannot initialize GSS-API authentication, failing.
Jeff Blaine
jblaine at kickflop.net
Wed Jan 24 21:42:04 EST 2007
This doesn't look too promising. Any help, again, would
be greatly appreciated.
Solaris 10 6/06 release. Setting up a master KDC from scratch.
====================================================================
See further down for spammy kadmin.local setup output that
was generated seconds before the following:
bash-3.00# svcadm enable -r network/security/krb5kdc
bash-3.00# svcs -l krb5kdc
fmri svc:/network/security/krb5kdc:default
name Kerberos key distribution center
enabled true
state online <-------------- good
next_state none
state_time Wed Jan 24 21:29:00 2007
logfile /var/svc/log/network-security-krb5kdc:default.log
restarter svc:/system/svc/restarter:default
contract_id 100
dependency require_all/error svc:/network/dns/client (online)
bash-3.00# svcadm enable -r network/security/kadmin
bash-3.00# svcs -l kadmin
fmri svc:/network/security/kadmin:default
name Kerberos administration daemon
enabled true
state maintenance <-------------- bad
next_state none
state_time Wed Jan 24 21:29:19 2007
logfile /var/svc/log/network-security-kadmin:default.log
restarter svc:/system/svc/restarter:default
contract_id
dependency require_all/error svc:/network/dns/client (online)
bash-3.00#
====================================================================
bash-3.00# /usr/sbin/kadmin -p jblaine/admin
Authenticating as principal jblaine/admin@JBTEST with password.
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
====================================================================
bash-3.00# kinit -p jblaine/admin
Password for jblaine/admin@JBTEST:
bash-3.00# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: jblaine/admin@JBTEST
Valid starting       Expires              Service principal
01/24/07 21:29:58    01/25/07 21:29:58    krbtgt/JBTEST@JBTEST
        renew until 01/31/07 21:29:58
bash-3.00#
====================================================================
/var/adm/kadmin.log has this useful message repeating:
Jan 24 21:29:18 mega1.mitre.org kadmind[1125](Error): Cannot initialize
GSS-API authentication, failing.
====================================================================
For what it's worth, here are the setup commands I entered
seconds BEFORE what you see in the screen pastes that start
this email:
bash-3.00# kadmin.local
Authenticating as principal root/admin@JBTEST with password.
kadmin.local: addprinc jblaine/admin
WARNING: no policy specified for jblaine/admin@JBTEST; defaulting to no policy
Enter password for principal "jblaine/admin@JBTEST":
Re-enter password for principal "jblaine/admin@JBTEST":
Principal "jblaine/admin@JBTEST" created.
kadmin.local: addprinc -randkey kiprop/mega1.mitre.org
WARNING: no policy specified for kiprop/mega1.mitre.org@JBTEST; defaulting to no policy
Principal "kiprop/mega1.mitre.org@JBTEST" created.
kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/mega1.mitre.org
Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kadmin/mega1.mitre.org with kvno 3, encryption type
DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
kadmin.local: ktadd -k /etc/krb5/kadm5.keytab changepw/mega1.mitre.org
Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal changepw/mega1.mitre.org with kvno 3, encryption
type DES cbc mode with RSA-MD5 added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kadmin/changepw
Entry for principal kadmin/changepw with kvno 3, encryption type AES-128
CTS mode with 96-bit SHA-1 HMAC added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type Triple
DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type ArcFour
with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc
mode with RSA-MD5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
kadmin.local: ktadd -k /etc/krb5/kadm5.keytab kiprop/mega1.mitre.org
Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
Entry for principal kiprop/mega1.mitre.org with kvno 3, encryption type
DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5/kadm5.keytab.
kadmin.local: quit
bash-3.00#
====================================================================
I am following this document. Yeah, it's Solaris Kerberos. But
it's MIT Kerberos too.
http://docs.sun.com/app/docs/doc/816-4557/6maosrjl2?a=view