[24068] in Kerberos
pb with a simple kdc installation
daemon@ATHENA.MIT.EDU (SFBZH@aol.com)
Mon Jun 13 09:14:47 2005
Date: Mon, 13 Jun 2005 09:09:37 -0400
From: SFBZH@aol.com
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <2AA4C3CC.755E82FD.0000F54D@aol.com>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Errors-To: kerberos-bounces@mit.edu
hello,
I'm trying to install krb5-1.4.1 on 3.1.3-6.2 Red Hat. I want a single kdc (no slave/replication) on my Red Hat station called pc36 in the domain domain.com.
I follow the buil/install instructions from doc/install-guide.ps
in /src/
>./configure
>make
>make install
in etc/krb5.conf:
[libdefaults]
default_realm = DOMAIN.COM
default_domain = etiam.com
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
[realm]
DOMAIN.COM = {
kdc = pc36.domain.com:88
admin_server = pc36.domain.com:750
}
[domain_realm]
.etiam.com = ETIAM.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = = FILE:/var/log/kadmin.log
default = = FILE:/var/log/krb5lib.log
and in usr/local/var/krb5kdc/kdc.conf:
[kdcdefault]
kdc_ports = 88,750
[realms]
DOMAIN.com = {
profile = /etc/krb5.conf
acl_file = /usr/local/var/krb5kdc/kadm5.acl
admin_keytab = = /usr/local/var/krb5kdc/kadm5.keytab
databasename = /usr/local/var/krb5kdc/principal
kadmind_port = 750
key_stash_file = = /usr/local/var/krb5kdc/.k5stash
max_life = 7d 0h 0m 0s
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
}
then, in /usr/local/sbin/
>./kdb5_util create -r DOMAIN.COM -s
It says:
initializing database '/usr/local/var/krb5kdc/principal' for realm 'DOMAIN.COM'
master key name 'K/M@DOMAIN.COM'
kdb5_util asks for a master key, I enter "masterkey" twice.
The folfer /usr/local/var/krb5kdc/ now contains:
kdc.conf
principal
principal.kadm5
principal.kadm5.lock
principal.ok
I don't have any stash file nor keytab.
Do I need to install something more? Is there something wrong in my configuration files? Am I misunderstanding something?
thx
M
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
