


kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

Hi

We have run into problems running kadmin from one host. Error is

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

krb version 1.4
linux kernel version 2.4.21

Another host on the same subnet can connect (as well as lots of hosts 
from different subnets) and we see the reply from port 749 on the 
kadmind server at the interface of the host with the GSS-API error. Any 
ideas?

Cheers

Matt

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

matt5160 (8)
7/17/2003 4:22:50 AM
comp.protocols.kerberos

Similar Articles:

Kadmin error: "kadmin: GSS-API (or Kerberos) error while initializing kadmin interface"
Hi There, I'm setting up a test kerberos/afs realm and I'm having a problem with kadmin. kadmin and kadmin.local run fine from the kdc, but kadmin gives the following error when run from another machine: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface The krbadm log shows no output, but kadmin.log on the kdc shows the following: Oct 11 23:15:02 kdc1 kadmind[3821](Notice): Request: kadm5_init, coeadmin/admin@MYREALM.COM, success, client=coeadmin/admin@MYREALM.COM, service=kadmin/admin@MYREALM.COM, addr=x.x.x.191, flavor=300001 I can kinit and everything else from the client, I just can't run kadmin. both client and server are RHEL4 with MIT krb5-1.5.1. compiled from source. I get the same error using RedHat's kadmin and the source-compiled one. kdc1 is the server and as1 is the client # on kdc kadmin: listprincs K/M@MYREALM.COM coeadmin/admin@MYREALM.COM host/as1.myrealm.com@MYREALM.COM host/kdc1.myrealm.com@MYREALM.COM kadmin/admin@MYREALM.COM kadmin/kdc1.myrealm.com@MYREALM.COM kadmin/changepw@MYREALM.COM kadmin/history@MYREALM.COM krbtgt/MYREALM.COM@MYREALM.COM I had fixed a previous error about not having kadmin/kdc.myrealm.com in the DB by adding the service principal. Now I have no errors in any of the logs, just an error on the console when I run kadmin What am I missing? Jason Edgecombe Solaris & Linux Administrator Mosaic Computing Group, College of Engineering UNC-Charlotte Phone: (704) 687-3514 ______________...

Re: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
Hi there, That problem may be fixed by "sync"ing the time of the server and client machines, before running kadmin. cheers, Nima D. ...

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface #2
Hi, Can somebody tell me why I can't use kadmin remotely? I can start kadmin on the kdc server by using "kadmin -O". But when I tried to use /usr/kerberos/sbin/kadmin from a client machine to visit the kerberos database, the error as the email title occurred. [root@gcnode029 sbin]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin/admin@test.com Valid starting Expires Service principal 07/20/06 17:54:02 07/21/06 17:54:00 krbtgt/test.com@test.com Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@gcnode029 sbin]# kadmin admin/admin Authenticating as principal admin/admin@test.com with password. Password for admin/admin@test.com: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface Thank you for any help! -- LiZhong ...

Re: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface #2
Hi there, That problem may be fixed by "sync"ing the time of the server and client machines, before running kadmin. cheers, Nima D. ...

GSS-API (or Kerberos) error while initializing kadmin interface
I am seeing the below error while connecting to KDC from remote client. Did any one experience this error and resolve ? [root@blr11~]# kadmin Authenticating as principal root/admin@IPS.COM with password. Password for root/admin@IPS.COM: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface [root@blr11~]# On Tuesday, 17 December 2013 10:35:19 UTC, Suresh Tirumalasetti wrote: > I am seeing the below error while connecting to KDC from remote client. > > > > Did any one experience this error and resolve ? > > > > [root@blr11~]# kadmin > > Authenticating as principal root/admin@IPS.COM with password. > > Password for root/admin@IPS.COM: > > kadmin: GSS-API (or Kerberos) error while initializing kadmin interface > > [root@blr11~]# the following correctly identified the issue for me http://research.imb.uq.edu.au/~l.rathbone/ldap/kerberos.shtml .... out of sync clocks. ...

kadmin: GSS-API (or Kerberos) error
Hi Guys, This is my first email to this mailing list. I've encountered some issue with my kerberos implementation. I've already setup my kdc and i'm able to kinit and klist my tickets. The only problem left is that i'm unable to execute kadmin in remote client. Whenever i try to do that the following errors popped up. kadmin: GSS-API (or Kerberos) error while initializing kadmin interface I'm actually connecting from my client pc bar.intra.foobar.com to foo.intra.foobar.com(kdc) my current krb5.conf is [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = INTRA.FOOBAR.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] INTRA.FOOBAR.COM = { kdc = kerberos1.intra.foobar.com:88 admin_server = kerberos1.intra.foobar.com:749 default_domain = intra.foobar.com } [domain_realm] .intra.foobar.com = INTRA.FOOBAR.COM intra.foobar.com = INTRA.FOOBAR.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } *** NOTE *** kerberos1.intra.foobar.com is actually an alias to foo.intra.foobar.com my current kadm5.keytab is slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 8 kadmin/admin@INTRA.FOOB...

Help needed. Cannot run kadmin. Error msg: kadmin: Communication failure with server while initializing kadmin interface
Dear all, Hi there. I am quite new to Kerberos. Wish to set up a simple single sign-on system. Currently using RH9.0 kerberos rpm packages to setup the KDC. Using /etc/hosts to resolve the name. Need help as I'm stuck when trying to run kadmin. Tried googling for some suggestions but was rather confused on different sets of instruction given by different websites. Below are the configuration file and error messages: 1. /etc/krb5.conf [libdefaults] ticket_lifetime = 24000 default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false [realms] EXAMPLE.COM = { kdc = alpine.example.com:88 admin_server = alpine.example.com:749 default_domain = example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM [kdc] profile = /var/kerberos/krb5kdc/kdc.conf 2. /krb5kdc/kdc.conf [kdcdefaults] acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab v4_mode = nopreauth [realms] EXAMPLE.COM = { master_key_type = des-cbc-crc supported_enctypes = des3-cbc-sha1:normal .... } I'd managed to create the master key and save it in the stash file. Also managed to run krb5kdc command without file as I'd checked the kdc log file. Able to use kadmin.local command to create admin/admin principal and when i run klist -f, below are the output displayed: [root@alpine root]# klist -f Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin/admin@EXAM...

Client not found in Kerberos database while initializing kadmin interface
I get this from typing 'kadmin' on the commandline of the KDC server itself. I have my own account on there which I can log into from gkadmin. Regards, Jason. -------------------------- Jason Oakley +612 82821434 Open and Intel Systems Systems Administrator http://www.eds.com Add a dab of lavender to milk Leave town with an orange and pretend you are laughing at it ...

Kadmin GSS-API Error
Hello, I am testing the MIT kerberos 1.3.4 now. The KDC is still on version 1.2.8. I got a GSS-API error when I tried to use the kadmin client from the 1.3.4 talking to the 1.2.8 server. here is the error, /opt/sbin/kadmin -p admabcd/admin Couldn't open log file /var/log/kadmind.log.20040917: Permission denied Authenticating as principal admabcd/admin with password. Password for admabcd/admin@LANGUAGE.UMICH.EDU: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface I could not find logs related to this on the KDC. I guess I could ignore the "Couldn't open log" error, but I do not understand the GSS-API error. If I used the kadmin from the 1.2.8 on the same client machine, I am connecting OK, no errors appear. Should the kadmin and kadmind be the same version? Can some one help on this? Thanks in advance, *=======================================* * Lynn Zhang * * LS&A System Services Team * * lyzhang@umich.edu * *=======================================* ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Should the kadmin from 1.3.4 talks to kadmind from 1.2.8? Or I may ignore the error, just upgrade the KDC first, then the client, so the kadmin client and server will be the same version. On Fri, 17 Sep 2004, Lynn Zhang wrote: > > Hello, > > I am testing the MIT kerberos 1...

kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface
Hi, there, I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf pointing kdc to the host name, which i believe correctly set. The problem is that, I can do kadmin.local but I just couldn't do kadmin. It always complains: kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface kinit with no parameters reports the similar error: kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials but kinit works if I supply a principal from another realm (that realm and its kdc is also set in /krb5.conf). I am confused that why kinit and kadmin just couldn't work in local realm? Is this a feature or I missed any setting issues? Thank you very much. yizeng ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos I would suspect a simple error in the configuration of your local realm in /etc/krb5.conf, or a DNS issue. Can you post your /etc/krb5.conf ? On 10/26/05, yi zeng <bigwhite@gmail.com> wrote: > Hi, there, > I set up a MIT Kerberos 5 master kdc on a pc in a private domain. I have > /etc/hosts mapping hostname of the pc to its ip address and /etc/krb5.conf > pointing kdc to the host name, which i believe correctly set. > The problem is that, I can do kadmin.local but I just couldn't do kadmin. >...

Kerberos+LDAP: kadmin.local and kadmin show different principals
Hi, I'm trying to configure an Ubuntu system with MIT Kerberos (v1.8.1), with LDAP as the storage back-end (Sun OpenDS v2.2.1). I see a very odd behavior, where my host entries only show up when I list principals using 'kadmin.local', but not when I use 'kadmin'. From what I read, the two should behave identically if kadmin.local uses the same principal to connect. Here's what I see from the two tools. Notice the "host/..." principal in the kadmin.local case. root@hydrogen:/etc/krb5kdc# kadmin -p nick/admin Authenticating as principal nick/admin with password. Password for nick/admin@EXAMPLE.NET: kadmin: list_principals ben@EXAMPLE.NET nick@EXAMPLE.NET nick/admin@EXAMPLE.NET K/M@EXAMPLE.NET krbtgt/EXAMPLE.NET@EXAMPLE.NET kadmin/admin@EXAMPLE.NET kadmin/changepw@EXAMPLE.NET kadmin/history@EXAMPLE.NET kadmin/hydrogen@EXAMPLE.NET kadmin: ^D root@hydrogen:/etc/krb5kdc# kadmin.local -p nick/admin Authenticating as principal nick/admin with password. kadmin.local: list_principals host/myhost.example.net@EXAMPLE.NET <=== Not listed above ben@EXAMPLE.NET nick@EXAMPLE.NET nick/admin@EXAMPLE.NET K/M@EXAMPLE.NET krbtgt/EXAMPLE.NET@EXAMPLE.NET kadmin/admin@EXAMPLE.NET kadmin/changepw@EXAMPLE.NET kadmin/history@EXAMPLE.NET kadmin/hydrogen@EXAMPLE.NET kadmin.local: ^D When I look at the LDAP logs, the two commands behave quite differently. My realm has two search trees root@hydrogen:/etc/krb5kdc# kdb5_ldap_util -D "cn=director...

SNC
Hello Gurus , I am trying to get SNC (SSO) on the SAPGUI working after migrating from Windows 2008 / Oracle to the Linux RHEL 6.4 /Sybase . Currently we are testing on the target LINUX [RHEL 6.4 ] server, against a Windows AD domain. The OS part of SSO still works, I get a TGT, klist shows me the correct credentials, etc., but the ABAP stack does no longer authenticate via SSO. Kinit works fine with the Linux server getting authenticated at the Windows AD [via root] Kinit via sbqadm: orsapbisbx01:sbqadm 51> kinit -V -k SBQADM/<hostname.mydomain.com...

[rfc-dist] RFC 5179 on Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism
A new Request for Comments is now available in online RFC libraries. RFC 5179 Title: Generic Security Service Application Program Interface (GSS-API) Domain-Based Service Names Mapping for the Kerberos V GSS Mechanism Author: N. Williams Status: Standards Track Date: May 2008 Mailbox: Nicolas.Williams@sun.com Pages: 5 Characters: 8017 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-kitten-krb5-gssapi-domain-based-names-05.txt URL: http://www.rfc-editor.org/rfc/rfc5179.txt This document describes the mapping of Generic Security Service Application Program Interface (GSS-API) domain-name-based service principal names onto Kerberos V principal names. [STANDARDS TRACK] This document is a product of the Kitten (GSS-API Next Generation) Working Group of the IETF. This is now a Proposed Standard Protocol. STANDARDS TRACK: This document specifies an Internet standards track protocol for the Internet community,and requests discussion and suggestions for improvements. Please refer to the current edition of the Internet Official Protocol Standards (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from t...

GSS-API error: No Kerberos SSPI credentials available
Hello Juan, did you find a solution to the problem below? It's the one you mentioned in your post to the kerberos mailing list a while ago - I cite you here: I have implemented an SSO solution with kerberos5, SNC, Active Directory 2K3 with SAP(Unix Server). It Works fine, but I found an error in some clients that I want to investigate. Some days, in the morning (note: users don't close the windows sessions at the end of work-day, they block-out their computers), when users try to connect to SAP, they receive the following client error (in the SAP client log): ************************************************** Sapgui 620 [Build 8966] Wed Feb 16 10:03:14 2005: 'GSS-API(maj): No valid credentials provided (or available) GSS-API(min): No Kerberos SSPI credentials available for requested nam name="p:user at SITE.DOMAIN.COM" Component SNC (Secure Network Communication) Release 620 Version 5 Module sncxxall.c Line 1223 Method SncPAcquireCred Return Code -4 System Call gss_acquire_cred Counter 4 ************************************************** or this one: ************************************************** Sapgui 620 [Build 8966] Tue Feb 15 10:21:59 2005 : 'SNCERR_GSSAPI An operation failed at the GSS-API level sec_avail="false" Component SNC (Secure Network Communication) Release 620 Version 5 Module sncxx.c Method SncInit Return Code -4 Counter 2 ************************************************** The problem ends if the user ...

AW: GSS-API error: No Kerberos SSPI credentials available
Hi, yes, SSO works well for me. Some colleague is experiencing that error message. You are right, SAP uses an AD account, which is then exported to a keytab using ktpass. Which gives an entry like you said: <service>/f.q.d.n@REALM where REALM = AD domain in uppercase (in Windows). Best regards Calin -----Original Message----- From: kerberos-bounces@MIT.EDU [mailto:kerberos-bounces@MIT.EDU] On Behalf Of Sensei Sent: Tuesday, 29 November 2005 20:49 To: kerberos@MIT.EDU Subject: Re: GSS-API error: No Kerberos SSPI credentials available On 2005-11-29 09:35:05 +0100, c.barbat@osram.de ("Barbat, Calin") said: > Hello Juan, > > did you find a solution to the problem below? It's the one you > mentioned in your post to the kerberos mailing list a while ago - I > cite you here: > > I have implemented an SSO solution with kerberos5, SNC, Active > Directory 2K3 with SAP(Unix Server). It Works fine, but I found an > error in some clients that I want to investigate. > > Some days, in the morning (note: users don't close the windows > sessions at the end of work-day, they block-out their computers), when > users try to connect to SAP, they receive the following client error > (in the SAP client log): I do not know SAP, I use other softwares, but I give my 2 cents, it might help you. Does SAP need principals in the keytab file like host/hostname@REALM service/hostname@REALM (like ldap/ldap.m...

[rfc-dist] RFC 6542 on Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility
A new Request for Comments is now available in online RFC libraries. RFC 6542 Title: Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Channel Binding Hash Agility Author: S. Emery Status: Standards Track Stream: IETF Date: March 2012 Mailbox: shawn.emery@oracle.com Pages: 6 Characters: 11080 Updates: RFC4121 I-D Tag: draft-ietf-krb-wg-gss-cb-hash-agility-10.txt URL: http://www.rfc-editor.org/rfc/rfc6542.txt Currently, channel bindings are implemented using an MD5 hash in the Kerberos Version 5 Generic Security Service Application Programming Interface (GSS-API) mechanism (RFC 4121). This document updates RFC 4121 to allow channel bindings using algorithms negotiated based on Kerberos crypto framework as defined in RFC 3961. In addition, because this update makes use of the last extensible field in the Kerberos client-server exchange message, extensions are defined to allow future protocol extensions. [STANDARDS-TRACK] This document is a product of the Kerberos WG Working Group of the IETF. This is now a Proposed Standard Protocol. STANDARDS TRACK: This document specifies an Internet standards track protocol for the Internet community,and requests discussion and suggestions for improve...

Kadmin: Incorrect Password while initializing kadmin interface
hi, I am trying to configure kerberos version krb5-1.6 on a linux system with Fedora Core 4 with root login in a network. I could able to create master database with the command kdb5_util create -r EXAMPLE.COM -s added the principal to the database with the command kadmin.local kadmin.local: addprinc root/admin@EXAMPLE.COM .. .. .. principal root/admin@EXAMPLE.COM created. created the kadmin keytab. when i am trying to run the master database with the commands i am facing some problems. %shell> krb5kdc the log file will have the error message like Apr 10 21:49:28 localhost krb5kdc[11849](info): setting up network... Apr 10 21:49:28 localhost krb5kdc[11849](info): skipping unrecognized local address family 17 krb5kdc: Address already in use - Cannot bind server socket to port 750 address 10.255.114.75 Apr 10 21:49:28 localhost krb5kdc[11849](info): set up 0 sockets krb5kdc: no sockets set up? but i rebooted my system once, after which the log file message is as below. Apr 10 21:11:23 localhost krb5kdc[11744](info): setting up network... Apr 10 21:11:23 localhost krb5kdc[11744](info): skipping unrecognized local address famil Apr 10 21:11:23 localhost krb5kdc[11744](info): listening on fd 7: udp 10.255.114.75.750 Apr 10 21:11:23 localhost krb5kdc[11744](info): listening on fd 8: udp 10.255.114.75.88 Apr 10 21:11:23 localhost krb5kdc[11744](info): listening on fd 9: udp 2001:220:1004::12. Apr 10 21:11:23 localhost krb5kdc[11744](info): listening on fd 10: udp 200...

Re: kerberos
Hi Arun, You should also answer Mauricio's question, but did you know kadmin.local should only be run on the KDCs, and should only really be run on the Master KDC. If you want to connect to the Master KDC from a client or a Replica KDC, then you should run the 'admin' program. So when you say you installed kerberos on a PC, did you install it as a client system, a replica KDC or as the Master KDC ? If it is not as the Master KDC, then admin.local will not work. Kind Regards, Jeremy Hunt > > --- Original message --- > Subject: kerberos - Kad...

GSS-API
Hello, Is there any method of "extracting" the Kerberos key from a GSS ticket? Microsoft sends the Kerberos ticket (SPNEGO over http) using the GSS methods. If one attempts to handle the internal Kerberos ticket information (such as the case of the PAC data) he will have to use the Kerberos ticket. Any idea? Any explicit function I've missed ? such as gss_extract_krb5_ticket()..? Eitan. > Hello, > > Is there any method of "extracting" the Kerberos key from a GSS ticket? > > Microsoft sends the Kerberos ticket (SPNEGO over http) using the GSS > methods. If one attempts to handle the internal Kerberos ticket > information (such as the case of the PAC data) he will have to use the > Kerberos ticket. > > Any idea? > Any explicit function I've missed ? such as > gss_extract_krb5_ticket()..? In 1.4 MIT added gss_krb5_export_lucid_sec_context() to obtain information from the negotiated context. (This is a mechanism- specific routine currently available only in the MIT distribution AFAIK.) Is this close to what you are looking for? K.C.

Kerberos / GSS-API for SCTP
Hello, I am looking into GSS-API as a protection mechanism for SCTP connections. SCTP connects multiple independent streams at once, and can decide on in-order or out-of-order delivery on a per-frame basis. SCTP has reliable delivery by default. I found that the Kerberos mechanism for GSS-API includes a sequence number that is incremented with each wrapped or MIC'd message. I assume that the receiving side would verify that sequence number, and drop any thing too old, and perhaps also anything too new. This would mean that Kerberos over GSS-API enforces a strict ordering, and is thus...

kerberos (SEAM) kadmin will not start
Solaris 9, core + packages + fully patched; Posted this on comp.unix.solaris also: After a lot of googling I am surprised to find little mention of this problem. I have all my kerberos working fine on a Solaris 9 except for getting kadmind to run. It will fail to initialize the gss-api and a apptrace of that shows that it cannot start a RPC. some message boards have identified the cause as not having /var/krb5/rcache/root directory. I have that. some say I must have the wrong REALM identity in my kdc.conf or krb5.conf. I don't think that's the case because every other facet of kerberos works. I get good logins using kerberos passwords and the krb5tgt is refreshed and shows the updated start and expire dates and shows the date that I can refresh tgt tickets until. I checked the RPC ports (/etc/services), I did a rpcinfo -p hostname and all looks to be well there. the gssd rpc is 100234 but gssd is not running. "don't know if it should be running or is it called by the RPC". not much useful info in the /var/krb5/kadmin.log, just repeats the same failure. I also notice that many of the message boards have this question as unanswered. Many of these are old posts from years ago. I saw one post where the SA was using Solaris 10 and he only had to clear the maintenance state to get GSSAPI initialized. Any takers? I have beat my feeble brain to death on this one. more info; Well it wasn't the gssd I started that to test and still get the GSSAPI initializ...

Re: kerberos
Sorry, my pc changed 'kadmin' to 'admin' and I did not notice it. > > --- Original message --- > Subject: Re: kerberos - Kadmin does not work > From: Jeremy Hunt <jeremyh@optimation.com.au> > To: <kerberos@mit.edu> > Date: Thursday, 05/03/2015 8:03 AM > > > > Hi Arun, > > You should also answer Mauricio's question, but did you know > kadmin.local should only be run on the KDCs, and should only really be > run on the Master KDC. > > If you want to connect to the Master KDC from a client or a Re...

SSH1 - gss-api - kerberos
Hello, I am trying to develop a Java SSH client targeting a version of Kerberised SSH1 server talking GSS-API. Does anybody know of anybody else dealing with this scenario? Is there a place I can find SSH1 Java API that support communication using GSS-API? Any help in this regard is much appreciated. thanks Ranga Samudrala ...
