Same config as server: kinit(v5): Improper format of Kerberos configuration file...

Mathew Rowley mathew_rowley at cable.comcast.com
Mon Dec 22 12:06:33 EST 2008


I am trying to set up a server for kerberos authentication, but when I copy
my krb5.conf file over to the server, I get the following error while trying
to do a kinit:

kinit(v5): Improper format of Kerberos configuration file while initializing
Kerberos 5 library

The only difference I can see is the Kerberos version installed on the
Kerberos server vs. the secondary server.  The Kerberos server has 1.6.1, and
the machine on which I want to use Kerberos-based auth has 1.4.3. Will that
cause this error to occur?  This is the krb5.conf file:

# MIT Kerberos profile (krb5.conf) as posted. Settings are unchanged; only
# comments were added, and every comment starts in column 0.
# NOTE(review): older MIT profile parsers may not treat a "#" that follows
# leading whitespace as a comment and can reject such a line as a malformed
# relation, reported as "Improper format of Kerberos configuration file".
# Confirm against the krb5 release installed on the failing host.

# Log destinations for the Kerberos libraries, the KDC and kadmind.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

# DNS-based realm and KDC discovery are both disabled, so the realm mapping
# and the KDC address come only from [domain_realm] and [realms] below.
[libdefaults]
 default_realm = IPA.COMCAST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

# Per-application defaults for the "pam" application.
# Lifetimes are presumably in seconds (36000 s = 10 hours); the renewable
# lifetime is set equal to the ticket lifetime.
# NOTE(review): forwardable = true requests tickets that can be forwarded to
# other hosts; keep it only if something downstream needs forwarded tickets.
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

# KDC (port 88) and kadmin (port 749) endpoints for the realm.
# database_module names the [dbmodules] subsection further down.
[realms]
 IPA.COMCAST.COM = {
  kdc = ipa01.security.lab.comcast.com:88
  admin_server = ipa01.security.lab.comcast.com:749
  default_domain = security.lab.comcast.com
  database_module = openldap_ldapconf
 }

# Host-to-realm mapping: the entry with a leading dot covers hosts under the
# domain, the entry without it covers a host with exactly that name.
[domain_realm]
 .security.lab.comcast.com = IPA.COMCAST.COM
 security.lab.comcast.com = IPA.COMCAST.COM
   
# [dbdefaults] and [dbmodules] describe the LDAP back end of the KDC database.
# NOTE(review): these sections are read by the KDC and kadmind; a host that
# only runs kinit presumably does not need them. Confirm before copying the
# whole file to other machines.
[dbdefaults]
 ldap_kerberos_container_dn = cn=krbcontainer,o=comcast,dc=comcast,dc=com
[dbmodules]
 openldap_ldapconf = {
  db_library = kldap
  ldap_kerberos_container_dn = cn=krbcontainer,o=comcast,dc=comcast,dc=com
# ldap_kdc_dn: this object needs to have read rights on
# the realm container, principal container and realm sub-trees
  ldap_kdc_dn = "cn=krbadmin,o=comcast,dc=comcast,dc=com"
# ldap_kadmind_dn: this object needs to have read and write rights on
# the realm container, principal container and realm sub-trees
# NOTE(review): both DNs are the same object here, so the KDC binds with an
# identity that also holds write rights; a separate read-only DN for
# ldap_kdc_dn would keep the KDC to the read access described above.
  ldap_kadmind_dn = "cn=krbadmin,o=comcast,dc=comcast,dc=com"
# File holding the stashed bind password(s) for the DNs above.
# NOTE(review): it should be readable only by the account that runs the KDC
# and kadmind; its permissions are not visible from this file.
  ldap_service_password_file = /etc/kerberos/service.keyfile
# NOTE(review): ldap:// is unencrypted LDAP. The host name matches the kdc
# entry above, but unless the connection stays on the local machine the bind
# password and principal data cross the network in clear; ldaps:// or
# ldapi:// is the usual choice. Confirm how the directory is reached.
  ldap_servers = ldap://ipa01.security.lab.comcast.com
  ldap_conns_per_server = 5
}



-- 
MAT



