"Missing parameters in krb5.conf" for kadmin
Brian Candler
B.Candler at pobox.com
Thu Dec 30 05:55:59 EST 2010
I'm using mit 1.8.1 under Ubuntu 10.04.1 server, and I have a very minimal
krb5.conf:
[libdefaults]
default_realm = WS.NSRC.ORG
dns_lookup_realm = true
dns_lookup_kdc = true
I have intentionally left out the [realm] definition with a pointer to
the kadmin server, and I'm aware that kadmin can't yet lookup SRV records
to find the admin server (*)
So I thought I would be able to give the required parameters on the kadmin
command line, but it appears not:
# kadmin -p inst/admin -r WS.NSRC.ORG -s noc.ws.nsrc.org:749
Authenticating as principal inst/admin with password.
kadmin: Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface
However it works if I add some junk into krb5.conf:
[realms]
WS.NSRC.ORG = {
admin_server = 1.1.1.1:9999
}
(i.e. the -s parameter does override the junk)
Is this behaviour intentional? Unless I've missed something, it means I
can't run kadmin anywhere that hasn't had krb5.conf explicitly configured
with the realm.
Thanks,
Brian.
(*) That's what the documentation says, although I do have it setup just
in case:
$ dig _kerberos-adm._tcp.ws.nsrc.org srv
...
;; ANSWER SECTION:
_kerberos-adm._tcp.ws.nsrc.org. 600 IN SRV 0 0 749 kdc1.ws.nsrc.org.
More information about the Kerberos
mailing list