Need help setting up kerberos for the first time

Andrey Falko ma3oxuct at gmail.com
Mon Sep 28 12:01:27 EDT 2009


Hi everyone,

I am new to Kerberos and having some trouble setting it up. Here are the
steps that I took:

a) Edited /etc/krb5.conf:
[libdefaults]
        default_realm = USDSTORAGE.COM
        krb4_config = /usr/kerberos/lib/krb.conf
        krb4_realms = /usr/kerberos/lib/krb.realms

[realms]
        USSTORAGE.COM = {
                admin_server = USDSTORAGE.COM
                default_domain = USDSTORAGE.COM
                kdc = USDSTORAGE.COM
        }

[domain_realm]
        .usdstorage.com = USDSTORAGE.COM
        usdstorage.com = USDSTORAGE.COM


b) mkdir /var/lib/krb5kdc

c) Edit /etc/kdc.conf:
[kdcdefaults]
        kdc_ports = 750,88

[realms]
        USDSTORAGE.COM = {
                database_name = /var/lib/krb5kdc/principal
                admin_keytab = FILE:/var/lib/krb5kdc/kadm5.keytab
                acl_file = /var/lib/krb5kdc/kadm5.acl
                key_stash_file = /var/lib/krb5kdc/.k5.USDSTORAGE.COM
                kdc_ports = 750,88
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
        }

d) Edit /var/lib/krb5kdc/kadm5.acl:
*/admin@USDSTORAGE.COM *

e)
cd /var/lib/krb5kdc
kdb5_util create -r USDSTORAGE.COM -s

f) Edit /etc/hosts:
127.0.0.1       localhost USDSTORAGE.COM KRB.USDSTORAGE.COM Gentoo-testvm1 usdsstorage.com krb.usdstorage.com

g) kadmin.local
kadmin.local: afsadmin@USDSTORAGE.COM
kadmin.local: afsadmin/admin@USDSTORAGE.COM
addprinc -randkey afs/USDSTORAGE.com@USDSTORAGE.COM
ktadd -e des-cbc-crc:normal -k /etc/krb5.keytab.afs afs/USDSTORAGE.com

h) /etc/init.d/mit-krb5kadmind start
/etc/init.d/mit-krb5kdc start


I then try a simple test:
# kinit afsadmin
kinit(v5): Cannot resolve network address for KDC in realm USDSTORAGE.COM while getting initial credentials


What am I doing wrong, if anything? Everything appears consistent to me in
terms of network config as well as the Kerberos config files. Can someone
hint at things I can do in order to troubleshoot this at a deeper level?

Thank you in advance for any help. I've been struggling with this for weeks.
Googling has not helped :(.
-Andrey
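
A realm-name consistency check for the krb5.conf in step a), added here as an example and not part of the original post: it reports any realm named by default_realm or [domain_realm] that has no matching [realms] stanza or no kdc entry. The function names are hypothetical, and the parser assumes only the simple `key = value` and one-level `{ }` layout shown in the post.

```python
import re
# krb5.conf from step a) of the post (krb4_* lines and blank lines omitted)
POSTED_KRB5_CONF = """\
[libdefaults]
        default_realm = USDSTORAGE.COM
[realms]
        USSTORAGE.COM = {
                admin_server = USDSTORAGE.COM
                default_domain = USDSTORAGE.COM
                kdc = USDSTORAGE.COM
        }
[domain_realm]
        .usdstorage.com = USDSTORAGE.COM
        usdstorage.com = USDSTORAGE.COM
"""

def parse_krb5_conf(text):
    """Return (flat, realms): flat[section][key] = value, realms[name][key] = [values]."""
    flat, realms, section, stanza = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, stanza = m.group(1), None
        elif line == "}":
            stanza = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "realms" and value == "{":
                stanza = realms.setdefault(key, {})  # open a realm stanza
            elif stanza is not None:
                stanza.setdefault(key, []).append(value)
            else:
                flat.setdefault(section, {})[key] = value
    return flat, realms

def check_realm_consistency(text):
    """List realms that are referenced but lack a usable [realms] stanza."""
    flat, realms = parse_krb5_conf(text)
    referenced = set(flat.get("domain_realm", {}).values())
    referenced.add(flat.get("libdefaults", {}).get("default_realm"))
    problems = []
    for name in sorted(r for r in referenced if r):
        if name not in realms:
            problems.append(f"{name}: no [realms] stanza (defined: {sorted(realms)})")
        elif not realms[name].get("kdc"):
            problems.append(f"{name}: stanza has no kdc entry")
    return problems
```

Calling `check_realm_consistency(POSTED_KRB5_CONF)` on the posted file reports USDSTORAGE.COM as referenced while the only stanza defined is USSTORAGE.COM.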


