pb with a simple kdc installation

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

pb with a simple kdc installation

SFBZH
hello,

I'm trying to install krb5-1.4.1 on 3.1.3-6.2 Red Hat. I want a single kdc (no slave/replication) on my Red Hat station called pc36 in the domain domain.com.
I follow the buil/install instructions from doc/install-guide.ps

in /src/
>./configure
>make
>make install



in etc/krb5.conf:


[libdefaults]
  default_realm = DOMAIN.COM
  default_domain = etiam.com
  default_tgs_enctypes = des-cbc-crc
  default_tkt_enctypes = des-cbc-crc

[realm]
  DOMAIN.COM = {
    kdc = pc36.domain.com:88
    admin_server = pc36.domain.com:750
  }

[domain_realm]
    .etiam.com = ETIAM.COM

[logging]
  kdc = FILE:/var/log/krb5kdc.log
  admin_server =  = FILE:/var/log/kadmin.log
  default =  = FILE:/var/log/krb5lib.log



and in usr/local/var/krb5kdc/kdc.conf:


[kdcdefault]
  kdc_ports = 88,750

[realms]
DOMAIN.com = {
  profile = /etc/krb5.conf
  acl_file = /usr/local/var/krb5kdc/kadm5.acl
  admin_keytab =  = /usr/local/var/krb5kdc/kadm5.keytab
  databasename = /usr/local/var/krb5kdc/principal
  kadmind_port = 750
  key_stash_file =  = /usr/local/var/krb5kdc/.k5stash
  max_life = 7d 0h 0m 0s
  supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
  kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
}


then, in /usr/local/sbin/
>./kdb5_util create -r DOMAIN.COM -s
It says:
initializing database '/usr/local/var/krb5kdc/principal' for realm 'DOMAIN.COM'
master key name 'K/[hidden email]'
kdb5_util asks for a master key, I enter "masterkey" twice.


The folfer /usr/local/var/krb5kdc/ now contains:
kdc.conf
principal
principal.kadm5
principal.kadm5.lock
principal.ok

I don't have any stash file nor keytab.


Do I need to install something more? Is there something wrong in my configuration files? Am I misunderstanding something?

thx

M
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: pb with a simple kdc installation

Francisco Oliveira-2
Try ls -la and you should be able to see the stash file.

F.

On 6/13/05, [hidden email] <[hidden email]> wrote:

> hello,
>
> I'm trying to install krb5-1.4.1 on 3.1.3-6.2 Red Hat. I want a single kdc (no slave/replication) on my Red Hat station called pc36 in the domain domain.com.
> I follow the buil/install instructions from doc/install-guide.ps
>
> in /src/
> >./configure
> >make
> >make install
>
>
>
> in etc/krb5.conf:
>
>
> [libdefaults]
>   default_realm = DOMAIN.COM
>   default_domain = etiam.com
>   default_tgs_enctypes = des-cbc-crc
>   default_tkt_enctypes = des-cbc-crc
>
> [realm]
>   DOMAIN.COM = {
>     kdc = pc36.domain.com:88
>     admin_server = pc36.domain.com:750
>   }
>
> [domain_realm]
>     .etiam.com = ETIAM.COM
>
> [logging]
>   kdc = FILE:/var/log/krb5kdc.log
>   admin_server =  = FILE:/var/log/kadmin.log
>   default =  = FILE:/var/log/krb5lib.log
>
>
>
> and in usr/local/var/krb5kdc/kdc.conf:
>
>
> [kdcdefault]
>   kdc_ports = 88,750
>
> [realms]
> DOMAIN.com = {
>   profile = /etc/krb5.conf
>   acl_file = /usr/local/var/krb5kdc/kadm5.acl
>   admin_keytab =  = /usr/local/var/krb5kdc/kadm5.keytab
>   databasename = /usr/local/var/krb5kdc/principal
>   kadmind_port = 750
>   key_stash_file =  = /usr/local/var/krb5kdc/.k5stash
>   max_life = 7d 0h 0m 0s
>   supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
>   kdc_supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
> }
>
>
> then, in /usr/local/sbin/
> >./kdb5_util create -r DOMAIN.COM -s
> It says:
> initializing database '/usr/local/var/krb5kdc/principal' for realm 'DOMAIN.COM'
> master key name 'K/[hidden email]'
> kdb5_util asks for a master key, I enter "masterkey" twice.
>
>
> The folfer /usr/local/var/krb5kdc/ now contains:
> kdc.conf
> principal
> principal.kadm5
> principal.kadm5.lock
> principal.ok
>
> I don't have any stash file nor keytab.
>
>
> Do I need to install something more? Is there something wrong in my configuration files? Am I misunderstanding something?
>
> thx
>
> M
> ________________________________________________
> Kerberos mailing list           [hidden email]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos