"Missing parameters in krb5.conf" for kadmin

Brian Candler B.Candler at pobox.com
Thu Dec 30 05:55:59 EST 2010


I'm using mit 1.8.1 under Ubuntu 10.04.1 server, and I have a very minimal
krb5.conf:

  [libdefaults]
  default_realm = WS.NSRC.ORG
  dns_lookup_realm = true
  dns_lookup_kdc = true

I have intentionally left out the [realm] definition with a pointer to
the kadmin server, and I'm aware that kadmin can't yet lookup SRV records
to find the admin server (*)

So I thought I would be able to give the required parameters on the kadmin
command line, but it appears not:

  # kadmin -p inst/admin -r WS.NSRC.ORG -s noc.ws.nsrc.org:749
  Authenticating as principal inst/admin with password.
  kadmin: Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface

However it works if I add some junk into krb5.conf:

  [realms]
  WS.NSRC.ORG = {
    admin_server = 1.1.1.1:9999
  }

(i.e. the -s parameter does override the junk)

Is this behaviour intentional? Unless I've missed something, it means I
can't run kadmin anywhere that hasn't had krb5.conf explicitly configured
with the realm.

Thanks,

Brian.

(*) That's what the documentation says, although I do have it setup just
in case:

$ dig _kerberos-adm._tcp.ws.nsrc.org srv
...
;; ANSWER SECTION:
_kerberos-adm._tcp.ws.nsrc.org.	600 IN	SRV	0 0 749 kdc1.ws.nsrc.org.



More information about the Kerberos mailing list