Even following kerberos5.1-14's installing guide, there are two stange problems.

Brandon Allbery ballbery at sinenomine.net
Wed Jan 13 13:58:04 EST 2016 

Kadmin requires additional setup, the error you got indicates that you did not configure kadm5.acl to specify what principals have what access levels.

It also sounds like you did not configure the keytab on slaves properly.

You should review the exact configuration steps you followed vs. what the install guide actually documents.

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of George Lin
Sent: Wednesday, January 13, 2016 3:53 AM
To: kerberos at mit.edu; krb5-bugs at mit.edu
Cc: jiaxinlin at live.com
Subject: Even following kerberos5.1-14's installing guide, there are two stange problems.
Importance: High

Dear Kerberos5.1-14 pioneers,


        My name is Georgelin, I am just trying to install kerberos5.1-14 by following the package's installing guides, but there are two stange problems that I couldn't find a solution by google or other search engin:
       My Kerberos's architecture is : one is a master KDC whose address is master.example.com, the other is a switchable slave KDC whose address  is slave.example.com, and the realm is MASTER.EXAMPLE.COM .
       And of course I have installed the DNS, ntp server and other required package except there is no xined.conf in OS of Ubuntu14.04


1st problem: when adding host principal for each of the KDCs’ host services, I can not use the installing guide's saying of kadmin command, but I can use kadmin.local command to add, why? I have check these two commands' file permission, they are the same, and even I move kadmin to the same folder as kadmin.local, kadmin still cann't add host principal, the error message said "add_principal: Operation requires ``add'' privilege while creating "host/master.example.com at MASTER.EXAMPLE.COM"".


2nd problem: when I use kadmin.local to add two hosts' principal and follow "Configure slave KDCs" in the install.html guide, and when I execute "kprop -f /usr/local/var/krb5kdc/13ForSlaveData slave.example.com" or even "sudo kprop -d -r MASTER.EXAMPLE.COM -f /usr/local/var/krb5kdc/13ForSlaveData -s /etc/krb5.keytab slave.example.com ", I only got a fail message of "kprop: Key table entry not found while getting initial credentials" and without other debug messages.  And because I could not get correct answers by google or by baidu, so I have to write to you.


Would you like to help me to solve these problems or give me a more feasible installing guide for a totally successfully installing Kerberos 5.1-14?
I would very appreciate your help!


Sincerely,
yours,
Georgelin


________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list