Streamlining host principal keytab provisioning?

Sebastian Galiano Sebastian.Galiano at spilgames.com
Tue May 1 03:44:50 EDT 2012


Slowly I managing to make some steps forward! :)...Now i got the remctld running,and  i added the wallet configuration into the krb5.conf (client side). But when try to get a ticket I get the following error:

$wallet -f keytab  get keytab nfs/hostname.REALMNAME
wallet: GSS-API error initializing context: Unspecified GSS failure.  Minor code may provide more information, Cannot contact any KDC for requested realm

At the remctld server I see:
remctld: child 21447 for <client IP address> 
remctld: error receiving context token: unexpected end of file
remctld: child 21447 done





________________________________________
From: Russ Allbery [rra at stanford.edu]
Sent: 27 April 2012 18:25
To: Sebastian Galiano
Cc: Jeff Blaine; kerberos at mit.edu
Subject: Re: Streamlining host principal keytab provisioning?

Sebastian Galiano <Sebastian.Galiano at spilgames.com> writes:

> Ok...I i follow the instructions, but now I'm getting this error when i
> try to execute the daemon:
> $sudo remctld -S
> remctld: cannot get peer address: Socket operation on non-socket

There are two ways to run remctld: either run it from inetd or xinetd, or
run it as a daemon.  If you're trying to run it as a standalone daemon,
which the above implies, you need to add the -m option.  Generally, I
would recommend running it from inetd; it's usually simpler.  But if you
want to start it from the command line one time just to see how it works,
I recommend remctld -mSFd, which starts it in daemon mode (-m), logging to
standard output instead of syslog (-S), without backgrounding itself (-F),
and with debug logging enabled (-d).  This will let you see exactly what
it's doing.

--
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list