Starting the kadmin daemon proccess on ubuntu

Anthony McGovern amcgovern at tssg.org
Tue Nov 20 10:39:27 EST 2007 

Good Afternoon
               I was hoping someone could help me with a little problem
im having with Kerberos. I've been following the admin and install
guides on the MIT website and I'm now at the point where i have to start
the deamon processes krb5kdc and kadmin. Everything up to this point has
worked fine. I can start the krb5kdc proccess without any problems: 

tssgtestbox at tssgtestbox:/krb5/sbin$ sudo krb5kdc
tssgtestbox at tssgtestbox:/krb5/sbin$
tssgtestbox at tssgtestbox:/krb5/sbin$ ps -ef | grep krb
root      4943     1  0 15:31 ?        00:00:00 ./krb5kdc
1000      4945  4830  0 15:31 pts/0    00:00:00 grep krb
tssgtestbox at tssgtestbox:/krb5/sbin$

However when i try to start the kadmin process i get the following error

tssgtestbox at tssgtestbox:/krb5/sbin$ sudo kadmin
Authenticating as principal root/admin at KERBEROS.MYDOMAIN.COM with
password.
kadmin: Incorrect password while initializing kadmin interface

I have created the kadm5.acl file its only got 2 lines at the moment as
im only testing before i add more to it 

root/admin at KERBEROS.MYDOMAIN.COM *
*/*@KERBEROS.MYDOMAIN.COM *


and i can run the kadmin.local command fine. I have added
root/admin at KERBEROS.MYDOMAIN.COM into the kerberos database using the
kadmin.local but every time i try to run kadmin i get the above error.
Also its worth noting that i only have 1 KDC. I was only able to obtain
i system for this so i cant setup a slave KDC. I only have a master
running I'm hoping thats not the problem. 


Another unusual thing I've noticed but its not that important yet is
that Kerberos isn't writing to my log files. These are the lines from my
krb5.conf file in my /etc directory 

[logging]
        kdc = FILE:/krb5/var/logs/kdc.log
        admin_server = FILE:/krb5/var/logs/adm.log
        default = FILE:/krb5/var/logs/log.log

I have made sure the .log files exist and are in the directory specified
above. But if i could get the kadmin issue sorted first id be really
greatful. 

Kind Regards
Anthony McGovern

More information about the Kerberos mailing list