LDAP backend - help needed...
Berthold Cogel
cogel at uni-koeln.de
Tue May 8 09:03:09 EDT 2012
On 07.05.2012 18:16, Greg Hudson wrote:
> On 05/07/2012 11:38 AM, Berthold Cogel wrote:
>> -rw------- 1 root root 128 May 7 16:09 service.keyfile
>
>> [root@hydra krb5kdc]# kadmin.local
>> kadmin.local: unable to get default realm
>
> I'm not sure why kadmin.local wouldn't be reading your krb5.conf file
> (partly because krb5 1.6 was a long time ago). Does strace show it
> trying to open anything other than kdc.conf?
>

At least I've got this one sorted out... arrgh...

kdb5_ldap_util is reading both kdc.conf and krb5.conf. But it searches
krb5.conf for the backend definitions. In a book I found the hint to set
KRB5_CONFIG to kdc.conf. And I missed the 'unset' statement. Sorry...

Now kadmin.local behaves perfectly for this case.

>> [root@hydra krb5kdc]# kadmin.local -r EXAMPLE.UNI-KOELN.DE
>> Authenticating as principal root/admin@EXAMPLE.UNI-KOELN.DE with password.
>> kadmin.local: Invalid argument while initializing kadmin.local interface
>
> I've most commonly seen this error when:
>
> (1) There was something in service.keyfile before kdb5_ldap_util
> stashsrvpw was run. Usually a copy of the master key stash due to admin
> confusion.
> (2) kdb5_ldap_util stashsrvpw appends rather than replacing the stash
> file (I assume so that you can iteratively stash multiple passwords).
> (3) The LDAP module gives an unhelpful error message when it detects a
> malformed service.keyfile.
>
> Anyway, try deleting service.keyfile, re-running kdb5_ldap_util
> stashsrvpw, and trying again.

I did this several times. But perhaps I've missed something else. I will
try again.
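
Two checks drawn from this exchange, as an added example that is not part of either poster's message: whether the files named in KRB5_CONFIG supply a default_realm at all (the situation described above, with KRB5_CONFIG left pointing at kdc.conf), and whether service.keyfile holds anything other than one stash entry per bind DN. The function names, the first-match lookup and the `<bind DN>#{HEX}<hex>` line format are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; not from the thread. Paths and formats are assumptions.

# Print default_realm from [libdefaults] of the first file in the
# colon-separated KRB5_CONFIG list that defines one (default: /etc/krb5.conf).
# Simplification: libkrb5's full profile merging is not reproduced.
effective_default_realm() {
    list=${KRB5_CONFIG:-/etc/krb5.conf}
    old_ifs=$IFS; IFS=:
    set -- $list
    IFS=$old_ifs
    for f in "$@"; do
        [ -r "$f" ] || continue
        realm=$(awk '
            /^[ \t]*\[/ { lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
            lib && /^[ \t]*default_realm[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
            }' "$f")
        if [ -n "$realm" ]; then printf '%s\n' "$realm"; return 0; fi
    done
    return 1
}

# Check an LDAP service stash file, assuming one "<bind DN>#{HEX}<hex>" entry per line.
# Returns 0 only when every line parses and no DN appears twice.
check_service_keyfile() {
    awk '
        BEGIN { bad = 0 }
        {
            i = index($0, "#{HEX}")
            dn = substr($0, 1, i - 1); hex = substr($0, i + 6)
            if (i < 2 || hex !~ /^[0-9A-Fa-f]+$/) {
                printf "line %d: not a stash entry (stale content?)\n", NR; bad = 1
            } else if (seen[dn]++) {
                printf "line %d: second entry for %s (appended stash)\n", NR, dn; bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}
```

Run `effective_default_realm` in the same shell that will start kadmin.local, so it sees the same KRB5_CONFIG, and pass `check_service_keyfile` the path of the stash file.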