[1416] in Kerberos_V5_Development
finally: the openvision admin system is committing
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Jul 22 18:16:37 1996
To: krbdev@MIT.EDU
Date: Mon, 22 Jul 1996 18:16:28 EDT
From: Marc Horowitz <marc@MIT.EDU>

I have completed committing changes to the mainline which include the
new openvision admin system. I've built and tested the system on
solaris and netbsd, so I'm confident it works pretty well.

There is documentation in the relevant directories. in particular:

kadmin/server
        the new admin server. there's not actually a man page for
        this, yet, but the usage message is pretty good.

kadmin/dbutil
        this is the new program for creating databases and stashing
        keys.

kadmin/cli
        the client. when you build, kadmin.local will run on the
        server and frob the database directly. kadmin is a client which
        connects to the server.

If you have any working directories checked out on the mainline, you
probably want to do an update. Once you've done that, if you want to
create a new db for testing, the process is:

- make sure you have the new kdc.conf fields from
  config-files/kdb.conf. the example below assumes filenames slightly
  different from the prototype.

> ./kadmin/dbutil/kdb5_util
kdb5_util: No such file or directory while setting active database to '/krb5/kdb5'
kdb5_util: create
Initializing database '/krb5/kdb5' for realm 'SECURE-TEST.OV.COM',
master key name 'K/M@SECURE-TEST.OV.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_util: Cannot find/read stored master key while reading master key
kdb5_util: Warning: proceeding without master key
kdb5_util: stash
Enter KDC database master key:
kdb5_util: quit
> ./kadmin/cli/kadmin.local
kadmin.local: ank marc/admin
Enter password for principal "marc/admin@SECURE-TEST.OV.COM":
Re-enter password for principal "marc/admin@SECURE-TEST.OV.COM":
Principal "marc/admin@SECURE-TEST.OV.COM" created.
kadmin.local: ktadd -k WRFILE:/krb5/ovsec_adm.keytab kadmin/admin kadmin/changepw
kadmin.local: Entry for principal kadmin/admin with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/krb5/ovsec_adm.keytab.
kadmin.local: Entry for principal kadmin/changepw with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/krb5/ovsec_adm.keytab.
kadmin.local: quit
> echo 'marc/admin@SECURE-TEST.OV.COM *' > /krb5/ovsec_adm.acl
> ./kdc/krb5kdc
> ./kadmin/server/kadmind
GSS-API authentication error acquiring credentials: Miscellaneous failure
GSS-API authentication error acquiring credentials: No principal in keytab matches desired name
;; these errors indicate that the ov-compat principals aren't in the
;; admin server keytab. No error should be printed in this case.
> ./kadmin/cli/kadmin -p marc/admin
Enter password:
kadmin: ank marc
Enter password for principal "marc@SECURE-TEST.OV.COM":
Re-enter password for principal "marc@SECURE-TEST.OV.COM":
Principal "marc@SECURE-TEST.OV.COM" created.
kadmin: quit
> ./clients/kinit/kinit marc
Password for marc@SECURE-TEST.OV.COM:
<99> DUN-DUN-NOODLES:marc/krb5/build> ./clients/klist/klist
Ticket cache: /tmp/krb5cc_8888
Default principal: marc@SECURE-TEST.OV.COM
Valid starting      Expires             Service principal
22 Jul 96 18:09:07  23 Jul 96 04:09:05  krbtgt/SECURE-TEST.OV.COM@SECURE-TEST.OV.COM

Of course, you use telnet, ftpd, etc. the same way you did before.