[31508] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Need help setting up kerberos for the first time

daemon@ATHENA.MIT.EDU (Andrey Falko)
Mon Sep 28 12:02:34 2009

MIME-Version: 1.0
Date: Mon, 28 Sep 2009 09:01:27 -0700
Message-ID: <350fc7cf0909280901s2968937drdf254d78a004fdb@mail.gmail.com>
From: Andrey Falko <ma3oxuct@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi everyone,

I am new to Kerberos and having some trouble setting it up. Here are the
steps that I took:

a) Edited /etc/krb5.conf:
[libdefaults]
        default_realm = USDSTORAGE.COM
        krb4_config = /usr/kerberos/lib/krb.conf
        krb4_realms = /usr/kerberos/lib/krb.realms

[realms]
        USSTORAGE.COM = {
                admin_server = USDSTORAGE.COM
                default_domain = USDSTORAGE.COM
                kdc = USDSTORAGE.COM
        }

[domain_realm]
        .usdstorage.com = USDSTORAGE.COM
        usdstorage.com = USDSTORAGE.COM


b) mkdir /var/lib/krb5kdc

c) Edit /etc/kdc.conf:
[kdcdefaults]
        kdc_ports = 750,88

[realms]
        USDSTORAGE.COM = {
                database_name = /var/lib/krb5kdc/principal
                admin_keytab = FILE:/var/lib/krb5kdc/kadm5.keytab
                acl_file = /var/lib/krb5kdc/kadm5.acl
                key_stash_file = /var/lib/krb5kdc/.k5.USDSTORAGE.COM
                kdc_ports = 750,88
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
        }

d) Edit /var/lib/krb5kdc/kadm5.acl:
*/admin@USDSTORAGE.COM *

e)
cd /var/lib/krb5kdc
kdb5_util create -r USDSTORAGE.COM -s

f) Edit /etc/hosts:
127.0.0.1       localhost USDSTORAGE.COM KRB.USDSTORAGE.COM Gentoo-testvm1
usdsstorage.com krb.usdstorage.com

g) kadmin.local
kadmin.local: afsadmin@USDSTORAGE.COM
kadmin.local: afsadmin/admin@USDSTORAGE.COM
addprinc -randkey afs/USDSTORAGE.com@USDSTORAGE.COM
ktadd -e des-cbc-crc:normal -k /etc/krb5.keytab.afs afs/USDSTORAGE.com

h) /etc/init.d/mit-krb5kadmind start
/etc/init.d/mit-krb5kdc start


I then try a simple test:
# kinit afsadmin
kinit(v5): Cannot resolve network address for KDC in realm
USDSTORAGE.COMwhile getting initial credentials


What am I doing wrong, if anything? Everything appears consistent to me in
terms of network config as well as the kerberos config files. Can someone
hint to things I can do in order to troubleshoot this at a deeper level?

Thank you in advance for any help. I've been struggling with this for weeks.
Googling has not helped :(.
-Andrey
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[31508] in Kerberos

Need help setting up kerberos for the first time

daemon@ATHENA.MIT.EDU (Andrey Falko)Mon Sep 28 12:02:34 2009

daemon@ATHENA.MIT.EDU (Andrey Falko)
Mon Sep 28 12:02:34 2009