[33002] in Kerberos
"Missing parameters in krb5.conf" for kadmin
daemon@ATHENA.MIT.EDU (Brian Candler)
Thu Dec 30 05:56:11 2010
Date: Thu, 30 Dec 2010 10:55:59 +0000
From: Brian Candler <B.Candler@pobox.com>
To: kerberos@mit.edu
Message-ID: <20101230105559.GA4170@talktalkplc.com>

I'm using MIT 1.8.1 under Ubuntu 10.04.1 server, and I have a very minimal
krb5.conf:

    [libdefaults]
        default_realm = WS.NSRC.ORG
        dns_lookup_realm = true
        dns_lookup_kdc = true

I have intentionally left out the [realm] definition with a pointer to
the kadmin server, and I'm aware that kadmin can't yet look up SRV records
to find the admin server (*)

So I thought I would be able to give the required parameters on the kadmin
command line, but it appears not:

    # kadmin -p inst/admin -r WS.NSRC.ORG -s noc.ws.nsrc.org:749
    Authenticating as principal inst/admin with password.
    kadmin: Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface

However it works if I add some junk into krb5.conf:

    [realms]
        WS.NSRC.ORG = {
            admin_server = 1.1.1.1:9999
        }

(i.e. the -s parameter does override the junk)

Is this behaviour intentional? Unless I've missed something, it means I
can't run kadmin anywhere that hasn't had krb5.conf explicitly configured
with the realm.

Thanks,

Brian.

(*) That's what the documentation says, although I do have it set up just
in case:

    $ dig _kerberos-adm._tcp.ws.nsrc.org srv
    ...
    ;; ANSWER SECTION:
    _kerberos-adm._tcp.ws.nsrc.org. 600 IN SRV 0 0 749 kdc1.ws.nsrc.org.
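
Added example, not part of the original message and not MIT Kerberos code: a pre-flight check that parses a krb5.conf and reports whether the realm has an admin_server entry, the condition the message associates with the kadmin error. The function names `parse_krb5_conf` and `kadmin_preflight` are hypothetical, and the sample configs are constructed from the two variants quoted above.

```python
import re

# Constructed from the two krb5.conf variants quoted in the message above.
MINIMAL = """
[libdefaults]
default_realm = WS.NSRC.ORG
dns_lookup_realm = true
dns_lookup_kdc = true
"""
WITH_PLACEHOLDER = MINIMAL + """
[realms]
WS.NSRC.ORG = {
    admin_server = 1.1.1.1:9999
}
"""

def parse_krb5_conf(text):
    """Parse [section] / name = value / name = { ... } into nested dicts."""
    root, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                             # new top-level section
            stack = [root.setdefault(m.group(1), {})]
        elif line.startswith("}"):
            if len(stack) > 1:
                stack.pop()               # close a nested stanza
        elif "=" in line and stack:
            name, value = (p.strip() for p in line.split("=", 1))
            if value == "{":              # open a nested stanza
                child = stack[-1].get(name)
                if not isinstance(child, dict):
                    child = stack[-1][name] = {}
                stack.append(child)
            elif isinstance(stack[-1].setdefault(name, []), list):
                stack[-1][name].append(value)   # relations may repeat
    return root

def kadmin_preflight(text, realm=None):
    """Return (realm, admin_server list); an empty list means none configured."""
    conf = parse_krb5_conf(text)
    if realm is None:
        realm = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    stanza = conf.get("realms", {}).get(realm, {})
    return realm, stanza.get("admin_server", []) if isinstance(stanza, dict) else []

if __name__ == "__main__":
    for label, conf in (("minimal", MINIMAL), ("with placeholder", WITH_PLACEHOLDER)):
        realm, servers = kadmin_preflight(conf)
        print(f"{label}: realm={realm} admin_server={servers or 'MISSING'}")
```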