Problem in get ticket from Kerberos

Hans van Zijst hans at woefdram.nl
Tue Aug 11 05:50:33 EDT 2009


Hi Bruno,

Looks like Kerberos can't figure out which server(s) to contact. You can 
resolve the domain, but according to krb5.conf you use kdc.AmbLivre as 
your KDC.

You have to make sure Kerberos can find the IP address of kdc.AmbLivre, 
either by specifying it in /etc/hosts (which means it's still available 
should DNS fail) or by making sure it can be found through DNS.

See 
http://www.gnu.org/software/shishi/manual/html_node/Configuring-DNS-for-KDC.html
for some more info on what you could (should?) put into DNS.

Kind regards,

Hans


Bruno Steven wrote:
> Hello
> 
> I have a problem getting tickets from Kerberos on my CentOS 5.2. When I type
> this command: /usr/local/kerberos/bin/kinit admin@LABCOM.UNASP
> it shows this message:
> 
> kinit(v5): Cannot resolve network address for KDC in realm LABCOM.UNASP
> while getting initial credentials
> 
> I don't understand why I get this message! My DNS is working; I can resolve the
> domain (LABCOM.UNASP)
> 
>  nslookup  labcom.unasp
> Server:         192.168.4.66
> Address:        192.168.4.66#53
> 
> Name:   labcom.unasp
> Address: 192.168.4.2
> 
> 
> My DNS server is on Windows 2003 Server. This kinit command was tested from
> the Linux server with CentOS 5.2, using MIT Kerberos version 1.6. Below I
> paste krb5.conf
> 
> [libdefaults]
>     # determines your default realm name
>     default_realm = LABCOM.UNASP
>     default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>     default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>     permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>     kdc_timesync = 1
>     ccache_type = 4
>     forwardable = true
>     proxiable = true
> 
> [realms]
>     LABCOM.UNASP = {
>         # specifies where the servers are and on
>         # which ports they listen (88 and 749 are
>         # the standard ports)
>         kdc = kdc.AmbLivre:88
>         admin_server = kdc.AmbLivre:749
>         default_domain = labcom.unasp
>   }
> 
> [domain_realm]
>     # maps your DNS domain name to your Kerberos
>     # realm name
>     .labcom.unasp  = LABCOM.UNASP
>     labcom. = LABCOM.UNASP
> [kdc]
>     profile = /var/kerberos/krb5kdc/kdc.conf
> [logging]
>     # determines where each service should write its
>     # logging info
>     kdc = SYSLOG:INFO:DAEMON
>     admin_server = SYSLOG:INFO:DAEMON
>     default = SYSLOG:INFO:DAEMON
> 
> 
> and kdc.conf
> 
> [kdcdefaults]
>  v4_mode = nopreauth
>  kdc_tcp_ports = 750,88
> 
> [realms]
>  LABCOM.UNASP = {
>   database_name = /var/kerberos/krb5kdc/principal
>   key_stash_file = /var/kerberos/krb5kdc/.k5.LABCOM.UNASP
>   master_key_type = des3-hmac-sha1
>   acl_file = /var/kerberos/krb5kdc/kadm5.acl
>   dict_file = /usr/share/dict/words
>   admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
>   supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
>   kdc_ports = 750,88
>   max_file = 10h 0m 0s
>   max_renewable_life = 7d 0h 0m 0s
> }
> 
> I tried, but I can't resolve this problem. Can somebody help me get a
> ticket from Kerberos?
> 
> Thanks
> 
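
A check for the condition described in the reply, as an added example (not code from this thread or from MIT Kerberos): it lists the kdc and admin_server hosts in the [realms] section of krb5.conf and reports those the system resolver cannot turn into an address. The function names are hypothetical, and the resolver is a parameter so the check can be exercised without network access.

```python
import socket

# [realms] stanza as posted in the quoted krb5.conf (other sections trimmed).
KRB5_CONF = """\
[realms]
    LABCOM.UNASP = {
        # specifies where the servers are
        kdc = kdc.AmbLivre:88
        admin_server = kdc.AmbLivre:749
        default_domain = labcom.unasp
  }
[domain_realm]
    .labcom.unasp  = LABCOM.UNASP
"""

def realm_servers(conf_text):
    """Yield (realm, key, host) for each kdc/admin_server relation in [realms]."""
    section = realm = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].strip(), None
        elif section == "realms" and line.startswith("}"):
            realm = None                  # end of a realm subsection
        elif section == "realms" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                realm = key               # start of a realm subsection
            elif realm and key in ("kdc", "admin_server"):
                # Drop a trailing :port (IPv6 literals are not handled here).
                host, _, port = value.rpartition(":")
                yield realm, key, (host if host and port.isdigit() else value)

def system_resolver(host):
    """Addresses from the system resolver (hosts file and DNS); [] if none."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def unresolvable(conf_text, resolver=system_resolver):
    """Return the (realm, key, host) entries whose host has no address."""
    return [entry for entry in realm_servers(conf_text) if not resolver(entry[2])]

if __name__ == "__main__":
    for realm, key, host in unresolvable(KRB5_CONF):
        print(f"{realm}: {key} host {host!r} does not resolve")
```

Run on the affected client, an empty result means every configured KDC name resolves there; any entry printed is a name to add to /etc/hosts or DNS.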


