Even following kerberos5.1-14's installing guide, there are two stange problems.

George Lin nimbuslin at 163.com
Wed Jan 13 03:53:09 EST 2016


Dear Kerberos5.1-14 pioneers,


        My name is Georgelin, I am just trying to install kerberos5.1-14 by following the package's installing guides, but
there are two stange problems that I couldn't find a solution by google or other search engin:
       My Kerberos's architecture is : one is a master KDC whose address is master.example.com, the other is a switchable slave KDC whose address  is slave.example.com, and the realm is MASTER.EXAMPLE.COM .
       And of course I have installed the DNS, ntp server and other required package except there is no xined.conf in OS of Ubuntu14.04


1st problem: when adding host principal for each of the KDCs’ host services, I can not use the installing guide's saying of kadmin command, but I can
use kadmin.local command to add, why? I have check these two commands' file permission, they are the same, and even I move kadmin to the same folder as kadmin.local, kadmin still cann't add host principal, the error message said "add_principal: Operation requires ``add'' privilege while creating "host/master.example.com at MASTER.EXAMPLE.COM"".


2nd problem: when I use kadmin.local to add two hosts' principal and follow "Configure slave KDCs" in the install.html guide, and when I execute
"kprop -f /usr/local/var/krb5kdc/13ForSlaveData slave.example.com" or even "sudo kprop -d -r MASTER.EXAMPLE.COM -f /usr/local/var/krb5kdc/13ForSlaveData -s /etc/krb5.keytab slave.example.com ", I only got a fail message of "kprop: Key table entry not found while getting initial credentials" and without other debug messages.  And because I could not get correct answers by google or by baidu, so I have to write to you.


Would you like to help me to solve these problems or give me a more feasible installing guide for a totally successfully installing Kerberos 5.1-14?
I would very appreciate your help!


Sincerely,
yours,
Georgelin




More information about the Kerberos mailing list