[2580] in Kerberos-V5-bugs
pending/297: Installing Kerberos V5
daemon@ATHENA.MIT.EDU (Ben Dehner)
Thu Dec 12 15:01:44 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, benjid@team2.teamnet.net (Ben Dehner)
Date: Thu, 12 Dec 1996 14:00:02 -0600 (CDT)
From: benjid@team2.teamnet.net (Ben Dehner)
To: krb5-bugs@MIT.EDU
>Number: 297
>Category: pending
>Synopsis: Installing Kerberos V5
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 12 15:01:00 EST 1996
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
I'm sending this to "krb5-bugs" since I'm not sure where else to send
this; this may be a bug or a user error.
Anyhow, I am trying to install Kerberos version 5 beta-7 on a SGI
system under IRIX 5.3; I compiled the source code using gcc 2.7.2. The
compile and install went mostly clean, although there were some warnings
about "mixed pointer/integer" errors. (I shoulda redirected the output
of the "make" into a file just for this ...)
Since it seemed to install just fine, I then tried to create a
database with the kdb5_util command; thats where I ran into trouble.
First, I created a file /etc/krb5.conf, included below. I basically
copied this file out of the Appendix in the Install guide, with local
changes. Next, I created a file /usr/krb5/lib/krb5kdc/kdc.conf, also below.
However, when I tried to run "kdb5_util" to create the data files, it crashed
because it was trying to put the database files in "/usr/local/lib/krb5kdc",
which it couldn't find. I didn't create that directory because I *thought* I
had specified that the database files go into the /usr/krb5 area. After a
bit of mucking around, I came to the conclusion that the "kdc" profile option
in the /etc/krb5.conf file was being ignored by kdb5_util. Incidentally,
the man page on on the krb5.conf file (krb5.conf.5) does not mention the
the [kdc] section.
I next tried putting kdc.conf in the /usr/local/lib/krb5kdc
directory, since that is the default path; this time, it found kdc.conf, and
(seemed to) create the database files where I wanted them, in /usr/krb5.
However, kdb5_util exited with the following error message:
kdb5_util: Can't open/find configuration file while initializing the kerberos
context
(Question: WHICH config file?)
Finally, I tried putting everything in the /usr/local directory, and
changed the kdc.conf file so that all the database stuff would go under this
directory as well. However, kdb5_util again exited with the above error
message.
Thanks for your time and assistance; if there are any other details
needed, please contact me.
Ben Dehner
***************************************************************
config files:
********************** krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = TEAMNET.NET
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
TEAMNET.NET = {
kdc = team2.teamnet.net:88
admin_server = team2.teamnet.net:749
default_domain = teamnet.net
}
}
[domain_realm]
.teamnet.net = TEAMNET.NET
teamnet.net = TEAMNET.NET
[kdc]
profile = /usr/krb5/lib/krb5kdc/kdc.conf
[logging]
kdc = SYSLOG:LOG_NOTICE:LOG_LOCAL1
admin_server = SYSLOG:LOG_NOTICE:LOG_LOCAL1
default = SYSLOG:LOG_NOTICE:LOG_LOCAL1
*************************
***************** kdc.conf
[kdcdefaults]
kdc_ports = 88,750
[realms]
TEAMNET.NET = {
profile = /etc/krb5.conf
database_name = /usr/krb5/lib/krb5kdc/principal
admin_database_name = /usr/krb5/lib/krb5kdc/principal.kadm5
admin_database_lockfile = /usr/krb5/lib/krb5kdc/principal.kadm5.lock
admin_keytab = /usr/krb5/lib/krb5kdc/kadm5.keytab
acl_file = /usr/krb5/lib/krb5kdc/kadm5.acl
dict_file = /usr/krb5/lib/krb5kdc/kadm5.dict
key_stash_file = /usr/krb5/lib/krb5kdc/.k5.TEAMNET.NET
kadmin_port = 749
max_life = 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
}
**************************