[31357] in Kerberos
Re: Problem in get ticket from Kerberos
daemon@ATHENA.MIT.EDU (Hans van Zijst)
Tue Aug 11 11:09:59 2009
Message-ID: <4A813EE9.5030700@woefdram.nl>
Date: Tue, 11 Aug 2009 11:50:33 +0200
From: Hans van Zijst <hans@woefdram.nl>
MIME-Version: 1.0
In-Reply-To: <mailman.1.1249983160.6463.kerberos@mit.edu>
X-Originally-To: Bruno Steven <aspenbr@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Bruno,
Looks like Kerberos can't figure out which server(s) to contact. You can
resolve the domain, but according to krb5.conf you use kdc.AmbLivre as
your KDC.
You have to make sure Kerberos can find the IP address of kdc.AmbLivre,
either by specifying it in /etc/hosts (which means it's still available
should DNS fail) or make sure it can be found through DNS.
See
http://www.gnu.org/software/shishi/manual/html_node/Configuring-DNS-for-KDC.html
for some more info on what you could (should?) put into DNS.
Kind regards,
Hans
Bruno Steven wrote:
> Hello
>
> I have problem for get tickets from kerberos in my Centos 5.2, when I type
> this command /usr/local/kerberos/bin/kinit admin@LABCOM.UNASP
> Show this message
>
> kinit(v5): Cannot resolve network address for KDC in realm LABCOM.UNASP
> while getting initial credentials
>
> I donīt understand why this message !!! My DNS is work , I can resolve the
> domain (LABCOM.UNASP)
>
> nslookup labcom.unasp
> Server: 192.168.4.66
> Address: 192.168.4.66#53
>
> Name: labcom.unasp
> Address: 192.168.4.2
>
>
> My DNS server is on Windows 2003 Server , this command kinit was tested from
> the server Linux with Centos 5.2 using version keberos 1.6 of MIT , follow I
> paste kr5b.conf
>
> [libdefaults]
> # determines your default realm name
> default_realm = LABCOM.UNASP
> default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
>
> [realms]
> LABCOM.UNASP = {
> # specifies where the servers are and on
> # which ports they listen (88 and 749 are
> # the standard ports)
> kdc = kdc.AmbLivre:88
> admin_server = kdc.AmbLivre:749
> default_domain = labcom.unasp
> }
>
> [domain_realm]
> # maps your DNS domain name to your Kerberos
> # realm name
> .labcom.unasp = LABCOM.UNASP
> labcom. = LABCOM.UNASP
> [kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
> [logging]
> # determines where each service should write its
> # logging info
> kdc = SYSLOG:INFO:DAEMON
> admin_server = SYSLOG:INFO:DAEMON
> default = SYSLOG:INFO:DAEMON
>
>
> and kdc.conf
>
> [kdcdefaults]
> v4_mode = nopreauth
> kdc_tcp_ports = 750,88
>
> [realms]
> LABCOM.UNASP = {
> database_name = /var/kerberos/krb5kdc/principal
> key_stash_file = /var/kerberos/krb5kdc/.k5.LABCOM.UNASP
> master_key_type = des3-hmac-sha1
> acl_file = /var/kerberos/krb5kdc/kadm5.acl
> dict_file = /usr/share/dict/words
> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
> supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal
> des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4
> des-cbc-crc:a
> fs3
> kdc_ports = 750,88
> max_file = 10h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> }
>
> I try resolv but I canīt resolve this problem , somebody can helpme get
> ticket from keberos !!!
>
> Thanks
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
