


kadmin: GSS-API (or Kerberos) error

Hi Guys,

This is my first email to this mailing list. I've encountered an issue
with my Kerberos implementation. I've already set up my KDC and I'm able
to kinit and klist my tickets. The only problem left is that I'm unable
to execute kadmin on a remote client. Whenever I try to do that, the
following error pops up.

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface


I'm actually connecting from my client PC bar.intra.foobar.com to
foo.intra.foobar.com (KDC).

my current krb5.conf is

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = INTRA.FOOBAR.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 INTRA.FOOBAR.COM = {
  kdc = kerberos1.intra.foobar.com:88
  admin_server = kerberos1.intra.foobar.com:749
  default_domain = intra.foobar.com
 }

[domain_realm]
 .intra.foobar.com = INTRA.FOOBAR.COM
 intra.foobar.com = INTRA.FOOBAR.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

*** NOTE ***	
kerberos1.intra.foobar.com is actually an alias to foo.intra.foobar.com


my current kadm5.keytab is 

slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    8            kadmin/admin@INTRA.FOOBAR.COM
   2    8            kadmin/admin@INTRA.FOOBAR.COM
   3    4         kadmin/changepw@INTRA.FOOBAR.COM
   4    4         kadmin/changepw@INTRA.FOOBAR.COM
   5    3 kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM
   6    3 kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM
   7    4 kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM
   8    4 kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM


my current info on the jyho/admin principals

kadmin.local:  getprinc jyho/admin
Principal: jyho/admin@INTRA.FOOBAR.COM
Expiration date: [never]
Last password change: Tue Jun 12 23:07:35 MYT 2007
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Tue Jun 12 23:07:35 MYT 2007 (root/admin@INTRA.FOOBAR.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]



my /var/log/krb5kdc.log shows

        Jun 21 19:52:50 foo.intra.foobar.com krb5kdc[1927](info): AS_REQ
        (7 etypes {18 17 16 23 1 3 2}) 10.10.10.14: ISSUE: authtime
        1182426770, etypes {rep=16 tkt=16 ses=16},
        jyho/admin@INTRA.FOOBAR.COM for
        kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM
        Jun 21 19:52:50 foo.intra.foobar.com krb5kdc[1927](info): AS_REQ
        (7 etypes {18 17 16 23 1 3 2}) 10.10.10.14: ISSUE: authtime
        1182426770, etypes {rep=16 tkt=16 ses=16},
        jyho/admin@INTRA.FOOBAR.COM for
        kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM




and my /var/log/kadmind.log shows

        Jun 21 19:49:13 foo.intra.foobar.com kadmind[1911](Notice):
        Request: kadm5_get_principal,
        kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM, success,
        client=jyho/admin@INTRA.FOOBAR.COM,
        service=kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM,
        addr=10.10.10.13
        Jun 21 19:49:13 foo.intra.foobar.com kadmind[1911](Notice):
        Request: kadm5_get_principal,
        kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM, success,
        client=jyho/admin@INTRA.FOOBAR.COM,
        service=kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM,
        addr=10.10.10.13
        


*** NOTE ***
Host/User	:	jyho
Hostname	:	foo.intra.foobar.com
Realm		:	INTRA.FOOBAR.COM



Any ideas on this issue, guys? Thanks.

-- 
Regards,

Anthony Ho

System Administrator



jyho (6)
6/21/2007 4:20:47 AM
comp.protocols.kerberos
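An added example, not part of the original post: it turns the KDC log entry and keytab listing shown above into structured data by rejoining the mail-wrapped AS_REQ entry, naming the issued ticket's enctype, and listing which KVNOs the keytab holds for the requested service principal. The function names are this example's own, the enctype names are the MIT krb5 ones, and the sample input is copied from the post.

```python
import re

# Enctype numbers that appear in the KDC log, with their MIT krb5 names.
ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}
AS_REQ = re.compile(
    r"krb5kdc\[\d+\]\(info\): AS_REQ \(\d+ etypes \{(?P<req>[\d ]+)\}\) "
    r"(?P<addr>\S+): (?P<status>\w+): authtime (?P<authtime>\d+), "
    r"etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<service>\S+)")
KEYTAB_ROW = re.compile(r"^\s*\d+\s+(\d+)\s+(\S+@\S+)\s*$", re.M)

# Sample input copied from the post: one wrapped log entry and three keytab rows.
SAMPLE_LOG = """\
Jun 21 19:52:50 foo.intra.foobar.com krb5kdc[1927](info): AS_REQ
(7 etypes {18 17 16 23 1 3 2}) 10.10.10.14: ISSUE: authtime
1182426770, etypes {rep=16 tkt=16 ses=16},
jyho/admin@INTRA.FOOBAR.COM for
kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM
"""
SAMPLE_KEYTAB = """\
   1    8            kadmin/admin@INTRA.FOOBAR.COM
   5    3 kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM
   7    4 kadmin/foo.intra.foobar.com@INTRA.FOOBAR.COM
"""

def parse_as_req(text):
    """Rejoin mail-wrapped lines, then return one dict per AS_REQ entry."""
    entries = [m.groupdict() for m in AS_REQ.finditer(" ".join(text.split()))]
    for e in entries:
        e["req"] = [int(n) for n in e["req"].split()]
        e.update({k: int(e[k]) for k in ("rep", "tkt", "ses", "authtime")})
    return entries

def keytab_kvnos(listing):
    """Map each principal in a 'slot KVNO Principal' listing to its sorted KVNOs."""
    kvnos = {}
    for kvno, princ in KEYTAB_ROW.findall(listing):
        kvnos.setdefault(princ, set()).add(int(kvno))
    return {p: sorted(v) for p, v in kvnos.items()}

def correlate(log_text, keytab_text):
    """For each issued ticket: client, service, ticket enctype, keytab KVNOs."""
    kt = keytab_kvnos(keytab_text)
    return [(e["client"], e["service"], ETYPES.get(e["tkt"], str(e["tkt"])),
             kt.get(e["service"], [])) for e in parse_as_req(log_text)]

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG, SAMPLE_KEYTAB):
        print(row)
```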