[3344] in Kerberos
Novice kerberos questions - please help!
daemon@ATHENA.MIT.EDU (Usenet News)
Sat May 28 23:14:30 1994
To: kerberos@MIT.EDU
Date: 26 May 1994 15:25:04 -0500
From: news@flowbee.interaccess.com (Usenet News)

For the past several weeks, I've been trying to get a Kerberos system
implemented at work. Our layout is as follows: one Sun Sparc2, two Dell
Pentiums with BSDI. Users are on the BSDI machine and the Sun is to act as
the all around server (NFS, mail, others).

BSDI ships with kerberos binaries on floppy - easy to install. I began with
setting the Sun up with kerberos to act as the server. I've gotten it as
far as being able to do a 'kinit <username>' and get a ticket. Logins from
one of the BSDI machines failed. I would get errors like "Can't get
authentication".

I then took a spare 486 box and tossed BSDI on there and tried to set that
up as the server. I figured that would be easier since BSDI is nice enough
to supply /etc/inetd.conf and /etc/services so I wouldn't be missing
anything. I followed these steps:

Made /etc/krb.conf:

    INTERACCESS.COM
    INTERACCESS.COM kerberos.INTERACCESS.COM admin server

Made /etc/krb.realm

    .interaccess.com INTERACCESS.COM

Ran kdb_init: entered realm name of INTERACCESS.COM and master passwd.

Ran kstash

Ran kdb_edit: entered my username as principal, null instance, and accepted
the defaults

Started the kerberos server (kerberos &)

Ran ext_srvtab squidboy (that machine's name) and renamed it to /etc/srvtab

I can successfully get a ticket using the kinit, and can list my ticket as
well. I found out the hard way that for every application (rlogin, passwd)
there needs to be a principal for it. When I do a passwd, I get prompted
for my Old Password and then I get the error message that it can't decode
authenticator.

I thought that as I logged in, I would be granted a ticket - instead I get
the "Warning: no kerberos tickets issued" when I log in from the console.
Looking at the kerberos log, I see that ticket request was made but I get
the same above error.

Can someone point me to a solution? This is by far the most troublesome
project I've started. Thanks in advance to anyone.

- Matthew
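
An added example, not part of the post above and not code from any Kerberos distribution: a Python check that the two configuration files quoted in the post agree with each other, that is, that the local realm has a KDC and an admin server listed and that each host name translates to that realm. The function names and the matching rules (exact host entry before a ".domain" entry, domain taken from the first dot, no fallback when nothing matches) are assumptions of this example.

```python
# Added example (not from the post); file contents are constructed from the post's two files.
KRB_CONF = "INTERACCESS.COM\nINTERACCESS.COM kerberos.INTERACCESS.COM admin server\n"
KRB_REALMS = ".interaccess.com INTERACCESS.COM\n"

def _rows(text):
    return [line.split() for line in text.splitlines() if line.strip()]

def parse_krb_conf(text):
    """Line 1 is the local realm; later lines are 'REALM kdc-host [admin server]'."""
    rows = _rows(text)
    if not rows or len(rows[0]) != 1:
        raise ValueError("first line must hold only the local realm name")
    if any(len(r) < 2 for r in rows[1:]):
        raise ValueError("every KDC line needs a realm and a host")
    kdcs = [(r[0], r[1].lower(), r[2:] == ["admin", "server"]) for r in rows[1:]]
    return rows[0][0], kdcs

def realm_of_host(fqdn, realms_text):
    """Exact host entries beat '.domain' entries; names compare case-insensitively.
    Returns None when nothing matches (assumption: no fallback is modelled)."""
    fqdn = fqdn.lower()
    domain = fqdn[fqdn.find("."):] if "." in fqdn else None
    by_domain = None
    for row in _rows(realms_text):
        if len(row) != 2:
            raise ValueError("mapping line needs 'host-or-.domain REALM': %r" % row)
        name, realm = row[0].lower(), row[1]
        if name == fqdn:
            return realm
        if name.startswith(".") and name == domain and by_domain is None:
            by_domain = realm
    return by_domain

def check(conf_text, realms_text, hosts):
    """Return a list of human-readable problems; an empty list means consistent."""
    local, kdcs = parse_krb_conf(conf_text)
    mine = [k for k in kdcs if k[0] == local]
    problems = []
    if not mine:
        problems.append("no KDC listed for local realm %s" % local)
    elif not any(admin for _, _, admin in mine):
        problems.append("no admin server listed for local realm %s" % local)
    for host in list(hosts) + [h for _, h, _ in mine]:
        realm = realm_of_host(host, realms_text)
        if realm != local:
            problems.append("%s maps to %s, expected %s" % (host, realm, local))
    return problems

if __name__ == "__main__":
    print(check(KRB_CONF, KRB_REALMS, ["squidboy.interaccess.com"]) or "consistent")
```

Realm names are compared case-sensitively here, so a lower-case realm in the translation file is reported as a mismatch, while host and domain names are matched without regard to case.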