Anonymous kerberos and bootstrapping new hosts - how to?
James Croall
jcroall at coverity.com
Fri Sep 6 20:31:41 EDT 2013
Hi Russ,
Thanks for the suggestion! Unfortunately that's not the problem - I gave
that a try, and it's not even communicating with the KDC. There are zero
packets being sent to the server, and per the error message:
Authenticating as principal WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS with
password; anonymous requested.
kadmin: Cannot resolve network address for KDC in requested realm while
initializing kadmin interface <==
It can't seem to find the KDC. Odd, considering the KDC and admin_server
are clearly configured in /etc/krb5.conf and work with the traditional
scenarios.
Puzzled. Wondering if I'm going about this anonymous flow the right way at
all!
- James
On 9/6/13 5:20 PM, "Russ Allbery" <rra at stanford.edu> wrote:
>James Croall <jcroall at coverity.com> writes:
>
>> Kadmin just won't let me in. When using the WELLKNOWN principal, it
>> cannot find the KDC/Kadmin server:
>
>>> kinit -n
>>> kadmin -n @TRIAL.COVERITY.COM
>> Authenticating as principal WELLKNOWN/admin at WELLKNOWN:ANONYMOUS with
>>password; anonymous requested.
>
>kadmin is "helpfully" adjusting the principal name for you. See if:
>
> kadmin -p WELLKNOWN/ANONYMOUS at WELLKNOWN:ANONYMOUS -n
>@TRIAL.COVERITY.COM
>
>gets you closer.
>
>--
>Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
>
More information about the Kerberos
mailing list