[28671] in Kerberos


krb5-1.6.3 with LDAP backend on Solaris 10

daemon@ATHENA.MIT.EDU (Robert Wirstrom)
Tue Nov 6 10:13:48 2007

Message-ID: <473083D7.1040309@mizuhocap.com>
Date: Tue, 06 Nov 2007 10:10:15 -0500
From: Robert Wirstrom <robw@mizuhocap.com>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="------------060603090400060500030802"
Errors-To: kerberos-bounces@mit.edu

Hi,

I have successfully compiled (./configure --with-ldap --enable-dns 
--without-krb4) and installed krb5-1.6.3 on Solaris 10. And I am able to 
create the realm using kdb5_ldap_util, but when I try to run kadmin or 
krb5kdc it gives me:

"krb5kdc: cannot initialize realm `REALM` - see log file for details"

bash-3.00# cat /var/log/kadmind.log
Oct 19 10:54:03 boon kadmind[684](Error): Unable to find requested database type while initializing, aborting
Oct 19 11:02:02 boon kadmind[708](Error): Unable to find requested database type while initializing, aborting

Running truss reveals that kldap.so does indeed get opened:

-----
time()                                          = 1193426650
stat("/usr/local/lib/krb5/plugins/kdb/kldap", 0xFFBFF6A0) Err#2 ENOENT
stat("/usr/local/lib/krb5/plugins/kdb/kldap.so", 0xFFBFF6A0) = 0
stat("/usr/local/lib/krb5/plugins/kdb/kldap.so", 0xFFBFF168) = 0
resolvepath("/usr/local/lib/krb5/plugins/kdb/kldap.so", "/usr/local/lib/krb5/plugins/kdb/kldap.so", 1023) = 40
open("/usr/local/lib/krb5/plugins/kdb/kldap.so", O_RDONLY) = 5
mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 5, 0) = 0xFEEE0000
mmap(0x00010000, 81920, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MAP_ALIGN, -1, 0) = 0xFECE0000
mmap(0xFECE0000, 10017, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_TEXT, 5,0) = 0xFECE0000

-----

The LDAP server we are using is Sun Java Enterprise 6. I have compiled 
against the default Solaris 10 ldap libraries and OpenLDAP and get the 
same results.

Has anyone been able to get this to work in Solaris 10? Any pointers 
would be appreciated. krb5.conf attached.

Thanks,

Robert

Attachment: krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]

 EXAMPLE.COM = {
  kdc = kdc1.example.com
  admin_server = kdc1.example.com
  database_module = ldapconf
 }

[domain_realm]
 example.com = EXAMPLE.COM
 .example.com = EXAMPLE.COM

[appdefaults]
# kinit = {
#	renewable = true
#	forwardable= true
# }

[dbdefaults]
 ldap_kerberos_container_dn = cn=krbcontainer,dc=example,dc=com

[dbmodules]
 ldapconf = {
  db_library = kldap
  ldap_kerberos_container_dn = cn=krbcontainer,dc=example,dc=com
  ldap_kdc_dn = "cn=directory manager"
  ldap_kadmind_dn = "cn=directory manager"
  ldap_service_password_file = /usr/local/var/krb5kdc/service.keyfile
  ldap_servers = ldap://odin.example.com:389
  ldap_conns_per_server = 5
 }
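
An added example, not part of the original post or of krb5 itself: a small Python check that follows the chain in the attached krb5.conf from the realm's database_module to the [dbmodules] db_library, then lists the plugin paths that the truss output shows being probed. The function names and the trimmed sample config are constructed for illustration; the default plugin directory is the one seen in the truss output.

```python
import os
import re

# Constructed sample: the relevant stanzas of the krb5.conf attached to the post.
SAMPLE_CONF = """\
[realms]
 EXAMPLE.COM = {
  kdc = kdc1.example.com
  database_module = ldapconf
 }
[dbmodules]
 ldapconf = {
  db_library = kldap
  ldap_servers = ldap://odin.example.com:389
 }
"""

def parse_krb5_conf(text):
    """Parse [section] / name = { key = value } stanzas into nested dicts."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value.strip('"')
    return conf

def resolve_kdb_plugin(conf, realm, plugin_dir="/usr/local/lib/krb5/plugins/kdb"):
    """Follow realm -> database_module -> db_library -> candidate plugin paths."""
    module = conf.get("realms", {}).get(realm, {}).get("database_module")
    if module is None:
        return None, "realm has no database_module"
    library = conf.get("dbmodules", {}).get(module, {}).get("db_library")
    if library is None:
        return None, f"[dbmodules] {module} has no db_library"
    # Same two names the truss output shows being tried: bare name, then .so
    candidates = [os.path.join(plugin_dir, library + ext) for ext in ("", ".so")]
    return candidates, None
```

If the chain resolves and one of the candidate paths exists on disk, as it does in the post, the linkage between the realm and the plugin file is consistent and the plugin load itself is the next thing to examine.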
