[2469] in Kerberos-V5-bugs


pending/202: Re: error while initializing kadmin interface

daemon@ATHENA.MIT.EDU (Peter Ziobrzynski)
Mon Nov 18 12:41:59 1996

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, Peter Ziobrzynski <pzi@netmediatech.com>
Date: Mon, 18 Nov 1996 12:37:22 -0500
From: Peter Ziobrzynski <pzi@netmediatech.com>
To: unlisted-recipients:;;;@netmediatech.com; (no To-header on input)
Cc: krb5-bugs@MIT.EDU


>Number:         202
>Category:       pending
>Synopsis:       Re: error while initializing kadmin interface
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Mon Nov 18 12:38:01 EST 1996
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Barry Jaspan wrote:
> 
>    # ls -l /usr/local/lib/krb5kdc/kadm5.keytab
>    -rw-------   1 root     other        119 Nov  1 10:41 /usr/local/lib/krb5kdc/kadm5.keytab
> 
>    It appears that I have everything I need to run kadmin, but I keep
>    getting the GSS-API error. Have I overlooked something?
> 
> Check the key version number of kadmin/admin and kadmin/changepw in
> the keytab and in the database (use klist -k for the keytab, and
> get_principal in kadmin for the database).  If they don't match,
> that's the problem.  Fix it by re-extracting the keytab with kadmin's
> ktadd.
> 
> Hmmm.  Perhaps there should be a separate error code for "No key table
> entry with matching key version number found" to identify this error
> more precisely...
> 
> Barry

I have a very similar problem (Linux). I followed your advice on checking 
the KVNO in the keytab file and the database - all the same:

 % klist -k /usr/local/kerberos/lib/krb5kdc/kadm5.keytab
 KVNO Principal
 ---- ---------------------------------------------------------------
   7 kadmin/admin@NETMEDIATECH.COM
   6 kadmin/changepw@NETMEDIATECH.COM

 % kadmin.local
 kadmin.local:  getprinc kadmin/admin
 <...>
 Key: vno 7, DES cbc mode with CRC-32, no salt
 <...>
 kadmin.local:  getprinc kadmin/changepw
 <...>
 Key: vno 6, DES cbc mode with CRC-32, no salt
 <...>

My 'kinit' and 'klist' for users work fine - only 'kadmin' fails:

 % kadmin
 Enter password:
 kadmin: Communication failure with server while initializing kadmin
     interface

The syslog messages that follow every KDC transaction look like this:

 Nov 18 12:25:36 tech syslog: AS_REQ 207.34.208.139(88):
   ISSUE: authtime   848337936, pzi/admin@NETMEDIATECH.COM for 
   kadmin/admin@NETMEDIATECH.COM
 
Any ideas?
cheers - Peter
-- 
Peter Ziobrzynski, netMedia Technology Inc. <pzi@netmediatech.com>
204 Richmond St. #300, Toronto Ontario, Canada, M5V-1V6
tel.(416) 596-8520x242, fax.(416) 596-8610
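
The key version number comparison suggested in the quoted reply, as an added example that is not part of either message or of MIT Kerberos: it parses `klist -k` output and the `Key: vno N` lines of `getprinc` output and reports whether the database's current KVNO is present in the keytab. The function names and the sample text are constructed for illustration, modelled on the output quoted above.

```python
import re

# Constructed sample input, modelled on the output quoted in the message above.
KLIST_K = """\
 KVNO Principal
 ---- ---------------------------------------------------------------
   7 kadmin/admin@NETMEDIATECH.COM
   6 kadmin/changepw@NETMEDIATECH.COM
"""
GETPRINC = {
    "kadmin/admin@NETMEDIATECH.COM": "Key: vno 7, DES cbc mode with CRC-32, no salt\n",
    "kadmin/changepw@NETMEDIATECH.COM": "Key: vno 6, DES cbc mode with CRC-32, no salt\n",
}

def keytab_kvnos(klist_output):
    """Map principal -> set of KVNOs listed by `klist -k`."""
    kvnos = {}
    for line in klist_output.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+@\S+)\s*$", line)  # skips header and rule lines
        if m:
            kvnos.setdefault(m.group(2), set()).add(int(m.group(1)))
    return kvnos

def database_kvno(getprinc_output):
    """Highest 'Key: vno N' in getprinc output (the current key), or None."""
    vnos = re.findall(r"^\s*Key:\s+vno\s+(\d+)", getprinc_output, re.M)
    return max(map(int, vnos)) if vnos else None

def compare(klist_output, getprinc_by_principal):
    """Return {principal: (status, database_kvno, keytab_kvnos)}."""
    in_keytab = keytab_kvnos(klist_output)
    report = {}
    for princ, text in getprinc_by_principal.items():
        db, kt = database_kvno(text), in_keytab.get(princ, set())
        if db is None:
            status = "no key in getprinc output"
        elif not kt:
            status = "missing from keytab"
        else:
            # The keytab may hold older keys too; it must contain the current one.
            status = "match" if db in kt else "mismatch"
        report[princ] = (status, db, sorted(kt))
    return report

if __name__ == "__main__":
    for princ, (status, db, kt) in compare(KLIST_K, GETPRINC).items():
        print(f"{princ}: database vno {db}, keytab vno(s) {kt} -> {status}")
```

A `mismatch` or `missing from keytab` result is the case the quoted reply says to fix by re-extracting the keytab with `ktadd`; a `match` on both principals, as in the output above, means the failure has to be looked for elsewhere.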
