kdb5_ldap_util, -create_service -- help required
luxInteg
lux-integ at btconnect.com
Sat Jan 21 14:13:40 EST 2012
Greetings,
I am new to this list. I am attempting to implement Kerberos with an
OpenLDAP database back end. My computer has these:-
--cpu: amd64, 2 Gbytes RAM
--OS pure 64-bit cblfs linux kernel 3.2.1, gcc-4.5.2 openldap-2.4.23 and
MIT-kerberos-1.8.1 compiled from source code
I read through the krb5 documentation (bundled with the source code). I need
to create two service-objects called kdc-service and adm-service using the
kdb5_ldap_util binary. I am unable to do so following the instructions in the
krb5 documentation.
I tried this first:-
/usr/local/sbin/kdb5_ldap_util \
-D cn=admin,dc=mydomain,dc=com \
-H ldap://myhost.mydomain.com \
-create_service -kdc \
-servicehost myhost.mydomain.com:otherhost2.mydomain.com \
-service_dn cn=kdc-service,dc=mydomain,dc=com
with a view to doing this:-
/usr/local/sbin/kdb5_ldap_util setsrvpw \
-D cn=admin,dc=mydomain,dc=com \
-H ldap://myhost.mydomain.com setsrvpw \
-f /etc/servicePW \
-service_dn cn=kdc-service,dc=mydomain,dc=com
(i.e. to set a password thereafter). However, the response was this:-
############
Usage: kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]
        cmd [cmd_options]
create [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]
        [-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]
        [-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]
        [ticket_flags] [-r realm]
modify [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]
        [-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]
        [ticket_flags] [-r realm]
view [-r realm]
destroy [-f] [-r realm]
list
stashsrvpw [-f filename] service_dn
create_policy [-r realm] [-maxtktlife max_ticket_life]
        [-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy
modify_policy [-r realm] [-maxtktlife max_ticket_life]
        [-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy
view_policy [-r realm] policy
destroy_policy [-r realm] [-force] policy
list_policy [-r realm]
############
In other words, /usr/local/sbin/kdb5_ldap_util ..... -create_service
does not appear to exist or be working for me.
I then copied the unmodified command as in the krb5 documentation (bundled
with the source code), namely:-
/usr/local/sbin/kdb5_ldap_util \
-D cn=admin,dc=mydomain,dc=com \
-H ldap://myhost.mydomain.com create_service \
-kdc -randpw -f /etc/servicePW cn=kdc-service,dc=mydomain,dc=com
but the result was the same.
--------------
I do not know if this is due to something missing in how either krb5-1.8.1
and/or openldap-2.4.23 were compiled or otherwise. Accordingly advice would
be much appreciated.
yours sincerely
lux-integ