
kadmind: Cannot set GSS-API authentication names.


David Moor

Nov 30, 2000, 3:00:00 AM
Reposting in text only.


David Moor wrote:

> In installing the MIT Kerberos 1.2 binary installation for Solaris
> 2.6, I'm getting the above error message when trying to bring up
> kadmin. Checking the dejanews archives, I see that this question comes
> up quite frequently, and seems never to be comprehensively answered.
> Checking the truss output (appended at end), the sequence seems to be
> read the kdc.conf file, get the user id, read krb5.conf, followed
> by kadm5.keytab. This is when it fails. My configuration files
> follow.
>
> What is particularly frustrating is the only comprehensive
> installation guide that I have been able to find is Tung's Kerberos: A
> Network Authentication System. It has a number of errors. The
> mit.edu kerberos faq had a URL for a better guide, but it has gone
> away ....
>
> Dave
>
> HOST.us.oracle.com# cat kdc.conf
> [realms]
> ORACLE.COM = {
> kdc = HOST.ORACLE.COM
> admin_server=HOST.ORACLE.COM
> default.comain = ORACLE.COM
> }
>
> HOST.us.oracle.com# id
> uid=0(root) gid=1(other)
>
> host.us.oracle.com# cat krb5.conf
> [libdefaults]
> default_realm = ORACLE.COM
> clockskew = 300
> default_tgs_enctypes = des-cbc-crc
> default_tkt_enctypes = des-cbc-crc
>
> [realms]
> ORACLE.COM = {
> kdc = HOST.ORACLE.COM
> admin_server=HOST.ORACLE.COM
> default.comain = ORACLE.COM
> }
> [logging]
> kdc = CONSOLE
> kdc = SYSLOG:INFO:DAEMON
> admin_server=FILE:/var/adm/kadmin.log
> admin_server=DEVICE=/dev/tty04
>
> HOST.us.oracle.com# cat kadm5.keytab
> root/ad...@ORACLE.COM *
> dmoor/ad...@ORACLE.COM *
>
> HOST.us.oracle.com# cat hosts
> 127.0.0.1 localhost
>
> 111.22.33.44 host loghost HOST.ORACLE.COM
>
> .... read kdc.conf until exhausted
> 24300: stat("/usr/local/var/krb5kdc/kdc.conf", 0xEFFFF7B8) Err#2 ENOENT
> 24300: so_socket(2, 2, 0, "", 1) = 6
> 24300: so_socket(2, 1, 0, "", 1) = 7
> 24300: setsockopt(6, 65535, 4, 0xEFFFFB9C, 4) = 0
> 24300: setsockopt(7, 65535, 4, 0xEFFFFB9C, 4) = 0
> 24300: bind(6, 0xEFFFFBA0, 16) = 0
> 24300: bind(7, 0xEFFFFBA0, 16) = 0
> 24300: getpid() = 24300 [24299]
> 24300: bind(6, 0xEFFFFAFC, 16) Err#22 EINVAL
> 24300: bind(6, 0xEFFFFAFC, 16) Err#22 EINVAL
> 24300: getsockname(6, 0xEFFFFAFC, 0xEFFFFB0C) = 0
> 24300: listen(6, 2) = 0
> 24300: sysconfig(_CONFIG_OPEN_FILES) = 64
> 24300: getuid() = 0 [0]
> 24300: stat("/etc/krb5.conf", 0xEFFFF798) = 0
> 24300: open("/etc/krb5.conf", O_RDONLY) = 8
> 24300: access("/etc/krb5.conf", 2) = 0
> 24300: fstat64(8, 0xEFFFF5D0) = 0
> 24300: ioctl(8, TCGETA, 0xEFFFF55C) Err#25 ENOTTY
> 24300: read(8, " [ l i b d e f a u l t s".., 8192) = 224
> 24300: read(8, 0x000480CC, 8192) = 0
> 24300: llseek(8, 0, SEEK_CUR) = 224
> 24300: close(8) = 0
> 24300: stat("/usr/local/etc/krb5.conf", 0xEFFFF798) Err#2 ENOENT
> 24300: getpid() = 24300 [24299]
> 24300: stat("/etc/krb5.conf", 0xEFFFF788) = 0
> 24300: stat("/etc/krb5.conf", 0xEFFFF788) = 0
> 24300: stat("/etc/krb5.conf", 0xEFFFF788) = 0
> 24300: stat("/etc/krb5.conf", 0xEFFFF788) = 0
> 24300: stat("/etc/krb5.conf", 0xEFFFF788) = 0
> 24300: stat("/etc/krb5.conf", 0xEFFFF788) = 0
> 24300: stat("/etc/krb5.conf", 0xEFFFF788) = 0
> 24300: open("/usr/local/var/krb5kdc/kadm5.keytab", O_RDONLY) = 8
> 24300: fcntl(8, F_SETLKW, 0xEFFFF804) = 0
> 24300: read(8, " r", 1) = 1
> 24300: read(8, " o", 1) = 1
> 24300: fcntl(8, F_SETLKW, 0xEFFFF804) = 0
> 24300: close(8) = 0
> 24300: open("/usr/local/var/krb5kdc/kadm5.keytab", O_RDONLY) = 8
> 24300: fcntl(8, F_SETLKW, 0xEFFFF804) = 0
> 24300: read(8, " r", 1) = 1
> 24300: read(8, " o", 1) = 1
> 24300: fcntl(8, F_SETLKW, 0xEFFFF804) = 0
> 24300: close(8) = 0
> 24300: time() = 975518223
> 24300: time() = 975518223
> 24300: getpid() = 24300 [24299]
> 24300: fstat(3, 0xEFFFF3F0) = 0
> 24300: time() = 975518223
> 24300: getpid() = 24300 [24299]
> 24300: putmsg(3, 0xEFFFEAA8, 0xEFFFEA9C, 0) = 0
> 24300: open("/etc/.syslog_door", O_RDONLY) = 8
> 24300: door_info(8, 0xEFFFE9E0) = 0
> 24300: getpid() = 24300 [24299]
> 24300: door_call(8, 0xEFFFE9C8) = 0
> 24300: close(8) = 0
> 24300: write(2, " k a d m i n d", 7) = 7
> 24300: write(2, " : C a n n o t s e t".., 43) = 43
>


Mike Friedman

Dec 1, 2000, 2:03:13 AM
On Thu Nov 30 12:23:40 2000, David Moor said:

David,

You seem to have several errors in your configuration files (krb5.conf and
kdc.conf). A couple of typos ('default.comain'?) are the least of them. In
particular, your keytab file is all wrong; you've got it confused with the
ACL (kadm5.acl) that controls admin privileges. (Hint: kadm5.keytab is not
an ASCII text file; it should contain the secret keys for a couple of special
service principals used by kadmind and you need to build it yourself).

One of the problems with just using the binary distribution is that you
don't get the documentation. Download the source if only to obtain the
Installation Guide and System Administrator's Guide, which provide all the
information you need, at least to get things going.

Mike

=======================================

----------------------------------------------------------------------------
Mike Friedman mi...@ack.Berkeley.EDU
Communication & Network Services +1-510-642-1410
University of California at Berkeley http://ack.Berkeley.EDU/~mikef
----------------------------------------------------------------------------
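
The distinction Mike draws above, a binary kadm5.keytab versus the plain-text kadm5.acl, can be checked before starting kadmind. This is an added example, not part of the original thread and not MIT's code: it reads the version-2 keytab layout (two header bytes 0x05 0x02, then length-prefixed entries) and lists the principals, or reports that the file is text. The function names, the EXAMPLE.COM realm and the sample inputs are constructed for illustration.

```python
import struct

ACL_TEXT = b"example/admin@EXAMPLE.COM *\n"  # constructed ACL-style line

def build_sample_keytab(principal, realm, key):
    """Constructed sample: a version-2 keytab holding one entry."""
    comps = principal.split("/")
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:
        body += struct.pack(">H", len(s)) + s.encode()
    # name type 1, timestamp 0, kvno 1, enctype 1 (des-cbc-crc), key length
    body += struct.pack(">IIBHH", 1, 0, 1, 1, len(key)) + key
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

def _counted(buf, off):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    raw = buf[off + 2:off + 2 + n]
    if len(raw) != n:
        raise struct.error("string runs past end of entry")
    return raw.decode("utf-8", "replace"), off + 2 + n

def inspect_keytab(data):
    """Return ('keytab', [principals]), ('text', first_line) or ('invalid', why)."""
    if data[:2] != b"\x05\x02":  # 0x05 magic, 0x02 = big-endian format
        if data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
            return "text", data.decode("ascii").splitlines()[0]
        return "invalid", "missing 0x05 0x02 keytab header"
    principals, pos = [], 2
    try:
        while pos + 4 <= len(data):
            (size,) = struct.unpack_from(">i", data, pos)
            pos += 4
            if size <= 0:  # zero or negative length: unused slot, skip it
                pos += -size
                continue
            entry = data[pos:pos + size]
            if len(entry) != size:
                return "invalid", "truncated entry"
            pos += size
            (ncomp,) = struct.unpack_from(">H", entry, 0)
            realm, off = _counted(entry, 2)
            comps = []
            for _ in range(ncomp):
                name, off = _counted(entry, off)
                comps.append(name)
            principals.append("/".join(comps) + "@" + realm)
    except struct.error as exc:
        return "invalid", str(exc)
    return "keytab", principals
```

A `('text', ...)` result on a file named kadm5.keytab indicates the same mix-up with the ACL file that the reply describes.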
