[32873] in Kerberos


Re: Help

daemon@ATHENA.MIT.EDU (Brian Candler)
Wed Nov 10 15:14:17 2010

Date: Wed, 10 Nov 2010 19:17:49 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Paulo Oliveira <bad_boy_sk8@hotmail.com>
Message-ID: <20101110191749.GA2785@talktalkplc.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <SNT138-w148CC5D2F9E2CEB21E575BFC300@phx.gbl>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Tue, Nov 09, 2010 at 04:29:05PM -0200, Paulo Oliveira wrote:
> Now I have a problem with authentication. I type kinit paulo@teste.uem and this appears:
> 
> Nov 09 16:16:26 paulo-laptop krb5kdc[3372](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 127.0.0.1: CLIENT_NOT_FOUND: paulo@teste.uem for krbtgt/teste.uem@teste.uem, Client not found in Kerberos database
> 
> 
> My kadm5.acl file has the user as shown below:
> 
>  */paulo@teste.uem

Firstly, it's "kinit paulo@TESTE.UEM" - note the capitals - or just
"kinit paulo", if you have the default realm set as TESTE.UEM in
/etc/krb5.conf.

Next, the file kadm5.acl is only a list of which principals are Kerberos
administrators - that is, which principals have rights to add, modify or
remove other principals.

So you still have to create a principal paulo@TESTE.UEM before they can
kinit.  You can do this using kadmin.local on the KDC itself, which solves
the chicken-and-egg problem of how to create your administrator principal
before you have any administrators.

Once this is done, you no longer need kadmin.local - instead use kadmin from
a remote workstation, which talks to kadmind over TCP.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
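
An added example, not part of the original message or of MIT Kerberos: a small Python triage of the krb5kdc log line quoted above, checking the two causes the reply names (realm written in the wrong case, and a principal that was never created). The function names, the `default_realm` parameter and the `known_principals` set are assumptions made for illustration.

```python
import re

# Constructed sample: the krb5kdc line quoted in the message above.
SAMPLE = ("Nov 09 16:16:26 paulo-laptop krb5kdc[3372](info): AS_REQ (7 etypes "
          "{18 17 16 23 1 3 2}) 127.0.0.1: CLIENT_NOT_FOUND: paulo@teste.uem for "
          "krbtgt/teste.uem@teste.uem, Client not found in Kerberos database")

# Matches the AS_REQ layout seen in that line: address, status, client, server.
AS_REQ = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): AS_REQ \(.*?\) (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r"(?P<client>\S+) for (?P<server>[^,\s]+)")


def split_principal(principal):
    """Return (name, realm); realm is '' when the principal has no @REALM part."""
    name, sep, realm = principal.rpartition("@")
    return (name, realm) if sep else (principal, "")


def diagnose(line, default_realm, known_principals):
    """Explain a CLIENT_NOT_FOUND AS_REQ line; return a list of findings.

    default_realm: the realm the KDC serves (assumed known to the caller).
    known_principals: set of existing principals (assumption: collected by the
    administrator, for instance from a principal listing on the KDC).
    """
    m = AS_REQ.search(line)
    if not m or m["status"] != "CLIENT_NOT_FOUND":
        return []
    name, realm = split_principal(m["client"])
    realm = realm or default_realm
    findings = []
    # Realm names are case-sensitive: teste.uem and TESTE.UEM are different realms.
    if realm != default_realm and realm.upper() == default_realm.upper():
        findings.append(
            f"realm case mismatch: request used {realm!r}, KDC realm is {default_realm!r}")
    # An entry in kadm5.acl grants admin rights; it does not create the principal.
    canonical = f"{name}@{default_realm}"
    if canonical not in known_principals:
        findings.append(f"principal {canonical} is not in the database; create it first")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "TESTE.UEM", {"krbtgt/TESTE.UEM@TESTE.UEM"}):
        print(finding)
```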
