Missing admin/hosts/users policies in recent krb-server build (RHEL4.5)

Anna avison44 at googlemail.com
Thu Nov 20 12:29:16 EST 2008


Greetings All,

I built a test kerberos server a month ago & it had some pre-installed
account policies. But in duplicating this (prod server & other test
servers),
no policies!! Can anyone advise?

more info:

I'm new to Kerberos & AFS (AFS being the reason for using Kerberos).
I've googled a couple hours about this & can't find any answers.

I'm following instructions for Fedora 9, although I'm using
ScientificLinux 4.5 = a clone of RHEL4.5.

http://www.dementia.org/twiki/bin/view/AFSLore/FedoraAFSInstall

On a test server built a month ago, these rpms installed:

root at vlad> rpm -qa | grep krb | sort
krb5-auth-dialog-0.2-1.i386
krb5-devel-1.3.4-54.el4_6.1.i386
krb5-libs-1.3.4-54.el4_6.1.i386
krb5-server-1.3.4-54.el4_6.1.i386
krb5-workstation-1.3.4-54.el4_6.1.i386
krbafs-1.2.2-6.i386
krbafs-devel-1.2.2-6.i386
krbafs-utils-1.2.2-6.i386
openafs-krb5-1.4.6-58.SL4.i386
pam_krb5-2.1.8-1.i386

It is pre-configured with policies admin, hosts, users.

root at vlad> kadmin.local -q "getpols"
Authenticating as principal root/admin at KTEST.PHY with password.
admin
default (I made that one)
hosts
users

In starting work on the real server - same except 64-bit - & after the
default policy was made, it was clear it did not come with admin,
hosts,
users policies!

root at zen> kadmin.local -q "getpols"
Authenticating as principal admin/admin at KREAL.PHY with password.
default

Experiments were made on a 32-bit SL4.5 VM - following (hopefully) the
exact
same as the first krb server (that has policies) - with the same
result - no
policies :

root at sl45vm-min> rpm -qa | grep krb | sort
krb5-auth-dialog-0.2-1.i386
krb5-devel-1.3.4-54.el4_6.1.i386
krb5-libs-1.3.4-54.el4_6.1.i386
krb5-server-1.3.4-54.el4_6.1.i386
krb5-workstation-1.3.4-54.el4_6.1.i386
krbafs-1.2.2-6.i386
krbafs-devel-1.2.2-6.i386
openafs-krb5-1.4.6-58.SL4.i386
pam_krb5-2.1.8-1.i386

root at sl45vm-min> kadmin.local -q "getpols"
Authenticating as principal root/admin at KTEST.PHY with password.


The source was downloaded for krb5-1.3.4 from MIT, compiled &
installed,
configured and... no policies either.

Where might one look for why a server built a month ago has admin,
users,
hosts policies built in, but any other machine since has none?

The policies can be made by hand, but am concerned & puzzled why they
are
gone.

Many thanks for advice.



More information about the Kerberos mailing list