


Kadmin error: "kadmin: GSS-API (or Kerberos) error while initializing kadmin interface"

Hi There,

I'm setting up a test kerberos/afs realm and I'm having a problem with
kadmin. kadmin and kadmin.local run fine from the kdc, but kadmin gives
the following error when run from another machine:
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

The krbadm log shows no output, but kadmin.log on the kdc shows the
following:
Oct 11 23:15:02 kdc1 kadmind[3821](Notice): Request: kadm5_init,
coeadmin/admin@MYREALM.COM, success, client=coeadmin/admin@MYREALM.COM,
service=kadmin/admin@MYREALM.COM, addr=x.x.x.191, flavor=300001

I can kinit and everything else from the client, I just can't run
kadmin.

Both client and server are RHEL4 with MIT krb5-1.5.1, compiled from
source. I get the same error using RedHat's kadmin and the
source-compiled one.
kdc1 is the server and as1 is the client.

# on kdc
kadmin:  listprincs
K/M@MYREALM.COM
coeadmin/admin@MYREALM.COM
host/as1.myrealm.com@MYREALM.COM
host/kdc1.myrealm.com@MYREALM.COM
kadmin/admin@MYREALM.COM
kadmin/kdc1.myrealm.com@MYREALM.COM
kadmin/changepw@MYREALM.COM
kadmin/history@MYREALM.COM
krbtgt/MYREALM.COM@MYREALM.COM

I had fixed a previous error about not having kadmin/kdc.myrealm.com in
the DB by adding the service principal. Now I have no errors in any of
the logs, just an error on the console when I run kadmin.

What am I missing?

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514
 

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

jwedgeco (3)
10/11/2006 6:18:57 PM
comp.protocols.kerberos
