kadmind (1.5.2) not respecting --keytab parameter

Adam Lewenberg
I am trying to run kadmind using Heimdal 1.5.2 (delayed from moving to
a more recent version by technical issues).

I use this to start the service:

/usr/lib/heimdal-servers/kadmind --keytab=/etc/heimdal-kdc/kadmin.keytab --config-file=/etc/heimdal-kdc/kdc.conf --debug

When I run a kadmin command from another server this is the error that
shows up in the logs:

017-03-25T16:31:13.895643-07:00 kerberos-qa1 kadmind[1667]: Miscellaneous failure (see text)
2017-03-25T16:31:13.895733-07:00 kerberos-qa1 kadmind[1667]: Failed to find kadmin/[hidden email](kvno 1) in keytab FILE:/etc/krb5.keytab (aes256-cts-hmac-sha1-96)
2017-03-25T16:31:13.895932-07:00 kerberos-qa1 kadmind[1667]: gss error, exit

Why is kadmind looking at /etc/krb5.keytab when I specified the keytab
file with the --keytab parameter?

Thanks, Adam Lewenberg


Re: kadmind (1.5.2) not respecting --keytab parameter

Viktor Dukhovni-2

> On Mar 25, 2017, at 7:38 PM, Adam Lewenberg <[hidden email]> wrote:
>
> /usr/lib/heimdal-servers/kadmind --keytab=/etc/heimdal-kdc/kadmin.keytab --config-file=/etc/heimdal-kdc/kdc.conf --debug
>
> When I run a kadmin command from another server this is the error that shows up in the logs:
>
> 017-03-25T16:31:13.895643-07:00 kerberos-qa1 kadmind[1667]: Miscellaneous failure (see text)
> 2017-03-25T16:31:13.895733-07:00 kerberos-qa1 kadmind[1667]: Failed to find kadmin/[hidden email](kvno 1) in keytab FILE:/etc/krb5.keytab (aes256-cts-hmac-sha1-96)
> 2017-03-25T16:31:13.895932-07:00 kerberos-qa1 kadmind[1667]: gss error, exit
>
> Why is kadmind looking at /etc/krb5.keytab when I specified the keytab file with the --keytab parameter?

[ I've not checked the 1.5 code. ]

Have you tried reversing the order of the options?

--
        Viktor.


Re: kadmind (1.5.2) not respecting --keytab parameter

Adam Lewenberg
Er, um, it appears I was using the MIT version of kadmin on the client
side. Problem solved!

On 3/25/2017 5:52 PM, Viktor Dukhovni wrote:

>
>> On Mar 25, 2017, at 7:38 PM, Adam Lewenberg <[hidden email]> wrote:
>>
>> /usr/lib/heimdal-servers/kadmind --keytab=/etc/heimdal-kdc/kadmin.keytab --config-file=/etc/heimdal-kdc/kdc.conf --debug
>>
>> When I run a kadmin command from another server this is the error that shows up in the logs:
>>
>> 017-03-25T16:31:13.895643-07:00 kerberos-qa1 kadmind[1667]: Miscellaneous failure (see text)
>> 2017-03-25T16:31:13.895733-07:00 kerberos-qa1 kadmind[1667]: Failed to find kadmin/[hidden email](kvno 1) in keytab FILE:/etc/krb5.keytab (aes256-cts-hmac-sha1-96)
>> 2017-03-25T16:31:13.895932-07:00 kerberos-qa1 kadmind[1667]: gss error, exit
>>
>> Why is kadmind looking at /etc/krb5.keytab when I specified the keytab file with the --keytab parameter?
>
> [ I've not checked the 1.5 code. ]
>
> Have you tried reversing the order of the options?
>
