f



Re: kerberos - Kadmin does not work


 Hi Arun,

You should also answer Mauricio's question, but did you know 
kadmin.local should only be run on the KDCs, and should only really be 
run on the Master KDC.

If you want to connect to the Master KDC from a client or a Replica 
KDC, then you should run the 'admin' program.

So when you say you installed kerberos on a PC, did you install it as 
a client system, a replica KDC or as the Master KDC ? If it is not as 
the Master KDC, then admin.local will not work.

Kind Regards,

Jeremy Hunt
>
> --- Original message ---
> Subject: kerberos - Kadmin does not work
> From: arun elango <arunelango89@gmail.com>
> To: <kerberos@mit.edu>
> Date: Thursday, 05/03/2015  7:15 AM
>
> Hi All,
>
> I would like to work with Kerberos in Windows. I have installed MIT
> Kerberos and found it to work fine. However *kadmin* , 'kadmin.local' 
> does
> not work. I searched for the solution but couldn't find one. Please 
> advice.
>
> Regards.
> AK
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

0
Jeremy
3/4/2015 8:47:27 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
578 Views

Similar Articles

[PageSpeed] 43

Reply:

Similar Artilces:

Kerberos Decrypted
http://www.digg.com/security/Kerberos_Decrypted ...

Kerberos Decrypted
http://www.digg.com/security/Kerberos_Decrypted ...

RE: MIT Kerberos and Solaris 10 Kerberos
Greetings, and thanks for the response. > > We run a number of Solaris 8 systems using Sun's SEAM PAM > implementation > > and MIT's Kerberos (which we're up to date on). We are > starting to look > > at Solaris 10, and are hoping to move towards Sun's > implementation of > > Kerberos. We are having a bit of trouble getting the two to talk > > properly, however. > > I'm confused - you cannot use the Solaris pam_krb5 with MIT Kerberos. > It is linked directly with the Solaris Kerberos libraries (private). I am trying to g...

RE: MIT Kerberos and Solaris 10 Kerberos #3
Thanks for the response. Please see inline... > In Solaris 10, all of the Kerberos services are already bundled, > there is no longer any external packages that need to be added. Right. > Whoever told you 'ksu' was part of the encryption kit was mistaken, > ksu has never been part of SEAM. OK, thanks for that clarification. It was a bit of a surprise to me when I was told it was there. So, does the Solaris 10 SEAM have any functionality similar to ksu, or just the standard su command? > The encryption kit for Solaris 10 enhances the overall crypto > capabilities ...

RE: MIT Kerberos and Solaris 10 Kerberos #4
Thanks. We'll have to keep our eyes open for 5-1.4. Rainer > -----Original Message----- > From: Tom Yu [mailto:tlyu@mit.edu] > Sent: Tuesday, January 11, 2005 11:12 AM > To: Wyllys Ingersoll > Cc: Heilke, Rainer; kerberos@mit.edu > Subject: Re: MIT Kerberos and Solaris 10 Kerberos > > > >>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll@sun.com> writes: > > Wyllys> That's because Solaris 10 'kadmin' uses RPCSEC_GSS and > Wyllys> MIT uses a slightly different RPC protocol. > > [...] > >...

RE: MIT Kerberos and Solaris 10 Kerberos #6
OK, I think I have fixed the services. I have: # svcs -v | grep login online - 13:25:02 35 svc:/system/console-login:default online - 13:25:11 - svc:/network/login:eklogin online - 13:25:12 - svc:/network/login:klogin online - 13:25:12 - svc:/network/login:rlogin (Just to make sure, those ARE the correct versions? The ones I removed looked like: # svcadm disable svc:/network/klogin/tcp:default # svcadm disable svc:/network/eklogin/tcp:default The first entry in the svcs listing is, I assume, ...

RE: MIT Kerberos and Solaris 10 Kerberos #5
> > Can we force the Sol10 box to only use DES, to be > compatible with the > > Sol8/MIT systems (which is everything but the one Sol10 box)? > > If you are using MIT Kerberos on the Solaris 8 systems (including > pam_krb5 made for MIT, not the one that comes with SEAM), then > you should not worry about the enctypes because MIT already > supports all of the enctypes that S10 supports. > > The only time you need to worry about enctypes is when you > are using pre-S10 systems with SEAM apps. IN that situation, > ONLY the pre-solaris 10 systems need ...

RE: MIT Kerberos and Solaris 10 Kerberos #2
BTW, as a further clarification, the system was installed initially using our MIT Kerberos build (i.e. the same as we use on all of the Solaris 8 machines). I am now trying to get it to work with the Solaris 10 SEAM. One problem I see immediately (refreshing my memory with a couple quick tests) is that, when using the Sol10 SEAM to install the keytab, I immediately get: # kadmin -p rheilke/admin Authenticating as principal rheilke/admin@ATCOTEST.CA with password. Password for rheilke/admin@ATCOTEST.CA: kadmin: ktadd host/salty.atcotest.ca kadmin: Communication failure with server while chan...

RE: MIT Kerberos and Solaris 10 Kerberos
Wohoo! I read the man page for rlogin, and it is both the old rlogin, and the new (or something like that). Seems that you just have to give it the correct switches, and it Kerberizes the command. So, I did: rlogin -AF <sol8server> and it works! Thank you to Wyllys for all of your help. Now I'm going to try installing from scratch, and make sure I do the build properly. One question left for Wyllys before I do, though. Since ksu doesn't exist in the Solaris SEAM product, is our only option su? Rainer ________________________________________________ Kerberos mailing list ...

RE: MIT Kerberos and Solaris 10 Kerberos
> possibly 'su' with pam_krb5 for the authentication. Its not quite > the same as 'ksu', though. Douglas says the same. The su man page indicates something about this, but not a lot of details there. I'll look into this further. As far as a co-worker is concerned (and in our environment, I can see his point), this would be a show stopper. We use ksu for all sorts of things, including giving DBA's access to Oracle ID's. Thanks again for all of the help. I'll go through the su and pam.conf man pages, and see if I can figure it out. Rainer ______________...

RE: MIT Kerberos and Solaris 10 Kerberos
<laugh> Yup, I learned (the hard way!) to always stay logged in to a console session as root. R > Make sure you have a root window open before testing PAM. I > stumbled on > this when I tried to su and my test pam exit failed! ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Re: Anyone here EVER gotten Kerberos authentication working
Hi, PAM support first appeared in 9.40.UC2 (rather than 9.40.UC1). That is why it is not in the manuals for 9.4. However, with 9.4 you have in "$INFORMIXDIR/release/en_us/0333" a file named "pam.txt" which documents the support of PAM. It could be, that the documentation in IDS 10 manuals is not as detailed (or with as many examples) as this "pam.txt" file from 9.4. I would send you the file, however, I don't want to send it to the whole list ... If you can't get the file, then let me know and supply an e-mail address to which I can send the...

MIT Kerberos or Heimdal Kerberos?
Hi, How do I know the server install in the system is MIT Kerberos or Heimdal? I m using FreeBSD 5.2.1 Thanks sam ...

Re: Anyone here EVER gotten Kerberos authentication working #2
Doug Lawry wrote: >>I don't want to send it to the whole list ... > > > Why not?! See attached. Because he might accidentally send it as a mime attachment to an ascii newsgroup? :-D Cheers, -- Mark. +----------------------------------------------------------+-----------+ | Mark D. Stock mailto:mdstock@MydasSolutions.com |//////// /| | |///// / //| | +-----------------------------------+//// / ///| | |We value your comments, which have |//...

RE: Anyone here EVER gotten Kerberos authentication working #3
> -----Original Message----- > From: Mark D. Stock [mailto:mdstock@mydassolutions.com] > Sent: Monday, December 05, 2005 3:34 PM > To: Doug Lawry > Cc: informix-list@iiug.org > Subject: Re: Anyone here EVER gotten Kerberos authentication working > > Doug Lawry wrote: > > >>I don't want to send it to the whole list ... > > > > > > Why not?! See attached. > > Because he might accidentally send it as a mime attachment to an ascii > newsgroup? :-D If you send a picture of Marcel Marceau, is that by definition...

Web resources about - Re: kerberos - Kadmin does not work - comp.protocols.kerberos

Kerberos (protocol) - Wikipedia, the free encyclopedia
This article includes a list of references , related reading or external links , but its sources remain unclear because it lacks inline citations ...

Trekkies miss out after push to name Pluto moon 'Vulcan' fails; Kerberos and Styx chosen instead
BAD news, 'Star Trek' fans: Pluto's fourth and fifth moons have been named Kerberos and Styx, despite 'Vulcan' being the top suggestion.

Meet Pluto's smallest moons: Kerberos and Styx
Pluto's two smallest known moons have been officially named after characters associated with the underworld of Greek and Roman mythology.

Pluto's moons named Styx and Kerberos, despite vote for Vulcan
... Astronomical Union vetoed a public vote to name one of Pluto's two most recently discovered moons Vulcan and named the moons Styx and Kerberos. ...

kerberos articles on Engadget
kerberos articles, stories, news and information.

Microsoft Issues Emergency Patch for Kerberos Bug
The vulnerability could enable an attacker to elevate privileges. Microsoft recommends that organizations consider rebuilding their Windows domains. ...

Kerberos Productions Offers Expertise to President on the Weaponization of Outer Space
... game violence to the President and Vice-President of the United States, Sword of the Stars 1 & 2, Fort Zombie, and NorthStar developer Kerberos ...

The fourth and fifth moons of Pluto have officially been named Kerberos and Styx, respectively.
The fourth and fifth moons of Pluto have officially been named Kerberos and Styx , respectively. The Earth's moon is still named fucking "Aiden." ...

Poll For Pluto's Moons Closes, Vulcan and Kerberos Win - Geekosystem
First the SETI Institute put it up for vote, then the geeks and nerds swarmed the Internet, and now it's as certain as it can be before the International ...

Kerberos unleashed at last: Pluto’s dog-bone moon poses another mystery
NASA’s New Horizons probe has finally filled out its family portrait of Pluto and its moons – and Kerberos, the last moon to get its closeup, ...

Resources last updated: 1/25/2016 10:32:16 PM