Anonymous kerberos and bootstrapping new hosts - how to?

James Croall jcroall at coverity.com
Fri Sep 6 20:31:41 EDT 2013


Hi Russ,

Thanks for the suggestion! Unfortunately that's not the problem - I gave
that a try, and it's not even communicating with the KDC. There are zero
packets being sent to the server, and per the error message:

Authenticating as principal WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS with
password; anonymous requested.
kadmin: Cannot resolve network address for KDC in requested realm while
initializing kadmin interface  <==

It can't seem to find the KDC. Odd, considering the KDC and admin_server
are clearly configured in /etc/krb5.conf and work with the traditional
scenarios.

Puzzled. Wondering if I'm going about this anonymous flow the right way at
all!

- James







On 9/6/13 5:20 PM, "Russ Allbery" <rra at stanford.edu> wrote:

>James Croall <jcroall at coverity.com> writes:
>
>> Kadmin just won't let me in. When using the WELLKNOWN principal, it
>> cannot find the KDC/Kadmin server:
>
>>> kinit -n
>>> kadmin -n @TRIAL.COVERITY.COM
>> Authenticating as principal WELLKNOWN/admin at WELLKNOWN:ANONYMOUS with
>>password; anonymous requested.
>
>kadmin is "helpfully" adjusting the principal name for you.  See if:
>
>    kadmin -p WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS -n
>@TRIAL.COVERITY.COM
>
>gets you closer.
>
>-- 
>Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
>





More information about the Kerberos mailing list