hi,how can i add a client to KDS? kadmin: Incorrect password while initializing kadmin interface

ch huang justlooks at gmail.com
Thu Dec 19 02:00:15 EST 2013 

and here is log output from KDS

Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23
1 3 2 11 10 15 12 13}) 192.168.10.126: SERVER_NOT_FOUND:
host/monitor.benchmark.com at BENCHMARK.COM for
kadmin/kerberos.benchmark.com at BENCHMARK.COM, Server not found in Kerberos
database
Dec 19 14:49:48 CH124 krb5kdc[16324](info): AS_REQ (12 etypes {18 17 16 23
1 3 2 11 10 15 12 13}) 192.168.10.126: ISSUE: authtime 1387435788, etypes
{rep=18 tkt=18 ses=18}, host/monitor.benchmark.com at BENCHMARK.COM for
kadmin/admin at BENCHMARK.COM

On Thu, Dec 19, 2013 at 2:57 PM, ch huang <justlooks at gmail.com> wrote:

> hi,maillist:
>            i do the following action but seems not work
>
> # yum install krb5-workstation
> copy krb5.conf from KDS host
>
> and here is my krb5.conf content
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
>  default_realm = EXAMPLE.COM <http://example.com/>
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  ticket_lifetime = 24h
>  forwardable = yes
> [realms]
>  BENCHMARK.COM <http://benchmark.com/> = {
>   kdc = kerberos.benchmark.com:88
>   admin_server = kerberos.benchmark.com:749
>   default_domain = benchmark.com
>  }
> [domain_realm]
>  .benchmark.com = BENCHMARK.COM <http://benchmark.com/>
>  benchmark.com = BENCHMARK.COM <http://benchmark.com/>
> [appdefaults]
>  pam = {
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>  }
> also, client can find KDS
>
> # nslookup 192.168.10.124
> Server:         192.168.10.124
> Address:        192.168.10.124#53
> 124.10.168.192.in-addr.arpa     name = kerberos.benchmark.com.
> # ping kerberos.benchmark.com
> PING kerberos.benchmark.com (192.168.10.124) 56(84) bytes of data.
> 64 bytes from CH124 (192.168.10.124): icmp_seq=1 ttl=64 time=0.109 ms
> 64 bytes from CH124 (192.168.10.124): icmp_seq=2 ttl=64 time=0.166 ms
>
> when i do this from client ,it not work
>
> # kadmin -r BENCHMARK.COM <http://benchmark.com/> -p
> host/monitor.benchmark.com at BENCHMARK.COM -w root -q "ktadd  -k
> /etc/krb5.keytab host/monitor.benchmark.com at BENCHMARK.COM"
> Authenticating as principal host/monitor.benchmark.com at BENCHMARK.COM with
> password.
> kadmin: Incorrect password while initializing kadmin interface
> but i can do on KDS with same password,i do not know why? anyone can help?
>
> # kadmin -r BENCHMARK.COM <http://benchmark.com/>
> Authenticating as principal root/admin at BENCHMARK.COM with password.
> Password for root/admin at BENCHMARK.COM:
> kadmin:
>
>
>

More information about the Kerberos mailing list