Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 5557 From root@marte.cat.cbpf.br Wed Nov 1 08:41:14 2000 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id IAA02440 for ; Wed, 1 Nov 2000 08:41:05 -0500 (EST) Received: from cbpfsu1.cat.cbpf.br by MIT.EDU with SMTP id AA20041; Wed, 1 Nov 00 08:42:00 EST Received: from marte.cat.cbpf.br (marte [152.84.253.250]) by cat.cbpf.br (8.9.3/8.9.3) with ESMTP id LAA04367 for ; Wed, 1 Nov 2000 11:40:06 -0200 (EDT) Received: (from root@localhost) by marte.cat.cbpf.br (8.9.3+Sun/8.9.3) id LAA04487; Wed, 1 Nov 2000 11:39:41 -0200 (EDT) Message-Id: <200011011339.LAA04487@marte.cat.cbpf.br> Date: Wed, 1 Nov 2000 11:39:41 -0200 (EDT) From: gmachado@cbpf.br Reply-To: gmachado@imagelink.com.br To: krb5-bugs@MIT.EDU Cc: Subject: Cannot find KDC for requested realm while getting initial credentials X-Send-Pr-Version: 3.99 >Number: 898 >Category: krb5-kdc >Synopsis: Cannot find KDC for requested realm while getting initial credentials >Confidential: yes >Severity: non-critical >Priority: low >Responsible: tlyu >State: feedback >Class: support >Submitter-Id: unknown >Arrival-Date: Wed Nov 1 08:42:00 EST 2000 >Last-Modified: Fri Feb 2 16:39:12 EST 2001 >Originator: Gustavo >Organization: CBPF >Release: krb5-1.2.1 >Environment: Sun SPARCstation 4 OS Solaris 2.8 System: SunOS marte 5.8 Beta_Refresh sun4m sparc SUNW,SPARCstation-4 Architecture: sun4 >Description: kinit admin Password for admin@cat.cbpf.br : kinit: Cannot find KDC for requested realm while getting initial credentials >How-To-Repeat: krb5.conf ------------------------------------------------------------------- # krb5.conf template # In order to complete this configuration file # you will need to replace the ____ placeholders # with appropriate values for your network. # [libdefaults] ticket_lifetime = 600 default_realm = CAT.CBPF.BR default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc [kdc] profile = /usr/local/var/krb5kdc/kdc.conf [realms] CAT.CBPF.BR = { kdc = marte.cat.cbpf.br:88 admin_server = marte.cat.cbpf.br:749 default_domain = cbpf.br } [domain_realms] .cbpf.br = CAT.CBPF.BR cbpf.br = CAT.CBPF.BR [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE/var/log/krb5lib.log kdc_rotate = { # How often to rotate kdc.log. Logs will get rotated no more # often than the period, and less often if the KDC is not used # frequently. period = 1d # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...) versions = 10 } [appdefaults] kinit = { renewable = true forwardable= true } ---------------------------------------------------------------------------------- /usr/local/sbin/kadmin.local Authenticating as principal root/admin@CAT.CBPF.BR with password. kadmin.local: listprincs K/M@CAT.CBPF.BR admin/admin@CAT.CBPF.BR host/marte.cat.cbpf.br@CAT.CBPF.BR host/spin.cat.cbpf.br@CAT.CBPF.BR kadmin/admin@CAT.CBPF.BR kadmin/changepw@CAT.CBPF.BR kadmin/history@CAT.CBPF.BR krbtgt/CAT.CBPF.BR@CAT.CBPF.BR kadmin.local: quit >Fix: how to correct or work around the problem, if known How do I integrate Nis+ and Kerberos Database? Is there anyway Kerberos 5 can read Nis+ database? We already have 400 users accounts, hostnames and services running on a Nis+ domain envinroment. >Audit-Trail: From: Ken Raeburn To: gmachado@imagelink.com.br Cc: krb5-bugs@MIT.EDU Subject: Re: krb5-kdc/898: Cannot find KDC for requested realm while getting initial credentials Date: 05 Nov 2000 16:27:11 -0500 I notice two suspicious things in your report. kinit admin Password for admin@cat.cbpf.br : kinit: Cannot find KDC for requested realm while getting initial credentials First, the password prompt doesn't add a space after the principal name. So somehow kinit thinks that the realm name ends in a space. Our krb5.conf parsing isn't as good as it should be; is there a space after the default_realm line? (It looks like it from the copy in my mailbox, but I don't trust mailers much about such things.) If so, try removing it and see if that fixes the problem. Second, "cat.cbpf.br" is displayed in lower-case. Realm names are case-sensitive, and our code won't alter the case of a realm name. So if it's displaying a lower-case realm name, it must not think that it should be using the CAT.CBPF.BR realm, though I'm not sure why that would be. Ken From: Tom Yu To: gmachado@imagelink.com.br Cc: krb5-bugs@MIT.EDU Subject: Re: krb5-kdc/898: Cannot find KDC for requested realm while getting initial credentials Date: Fri, 2 Feb 2001 16:37:26 -0500 (EST) Are you sure you are running the version of kinit that you think you are? The trailing whitespace in your config file on the "default_realm" line shouldn't confuse 1.2.1, so you may actually be running an older release that didn't have the whitespace fix for the parser. ---Tom Responsible-Changed-From-To: krb5-unassigned->tlyu Responsible-Changed-By: tlyu Responsible-Changed-When: Fri Feb 2 16:38:59 2001 Responsible-Changed-Why: refiled State-Changed-From-To: open-feedback State-Changed-By: tlyu State-Changed-When: Fri Feb 2 16:39:06 2001 State-Changed-Why: refiled >Unformatted: