[14955] in Kerberos
Re: help for kerberos setup
daemon@ATHENA.MIT.EDU (Mitchell E Berger)
Wed Aug 8 01:02:41 2001
Message-Id: <200108080500.BAA12231@byte-me.mit.edu>
To: "l-cong" <l-cong@secom.net.cn>
cc: kerberos@MIT.EDU
In-Reply-To: Your message of "Wed, 08 Aug 2001 12:29:41 +0800."
<000801c11fc2$d01491d0$c864a8ac@cong>
Date: Wed, 08 Aug 2001 01:00:44 -0400
From: Mitchell E Berger <mitchb@MIT.EDU>
Hi,
> so i come into the MITweb.and follow what it said to do ,
>
> but when i came to
>
> start the kerberos Damemons on the mast kdc
>
> and type these:
>
> shell% /usr/local/sbin/krb5kdc
> shell% /usr/local/sbin/kadmind
>
> erros comes:
>
> kadmind: Cannot set GSS-API authentication names.
>
> why?
It looks from this output like your KDC started (that's krb5kdc), but your
administration daemon (kadmind) didn't. The error message you're seeing is
very common, and the most likely cause is that you haven't created kadmind's
keytab file. In your kdc.conf, you should have an entry that looks similar to
this:
admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
In that file (in this case, /usr/local/var/krb5kdc/kadm5.keytab), you need to
put the keys for your kadmin/admin and kadmin/changepw principals. You can
do this with kadmin.local as root like this:
shell% /usr/local/sbin/kadmin.local
kadmin.local: ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
[you'll see it adding principals to keytabs here]
kadmin.local: q
Now you should be able to start kadmind like this:
shell% /usr/local/sbin/kadmind
Hope that helps... good luck,
Mitch
