From petals@pandora.petalshome.com Tue Feb 4 14:02:07 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA21693 for <bugs@RT-11.MIT.EDU>; Tue, 4 Feb 1997 14:02:07 -0500
Received: from petals.vip.best.com by MIT.EDU with SMTP
id AA07329; Tue, 4 Feb 97 14:02:00 EST
Received: from gomer.petalshome.com (gomer [192.168.1.66]) by haedes.petalshome.com (8.6.12/8.6.9) with SMTP id KAA03141 for <krb5-bugs@mit.edu>; Tue, 4 Feb 1997 10:10:29 -0800
Message-Id: <199702041810.KAA03141@haedes.petalshome.com>
Date: Tue, 4 Feb 1997 10:10:35 +0000
From: "Michael Robinton" <petals@girlswear.com>
Reply-To: petals@girlswear.com
To: krb5-bugs@MIT.EDU
Subject: INSTALL IS BROKEN??
Comments: Authenticated sender is <petals@pandora>

>Number: 363
>Category: pending
>Synopsis: INSTALL IS BROKEN??
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Feb 04 14:03:01 EST 1997
>Last-Modified: Fri Mar 28 01:18:39 EST 1997
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: tytso
State-Changed-When: Fri Mar 28 01:18:00 1997
State-Changed-Why: Problem solved via private e-mail (user error)

>Unformatted:
Following the install procedure for a new Kerberos installation does
not appear to work. I suspect it is only possible to install if a
previous version is in place and operating. OR -- maybe something is
not documented in the procedure. Keep it secret -- that makes it secure -
right!
-------------------------------------------------------
Below is the complete configuration and install
sequence I used for krb5-1.0. Per the book, I believe.
I repeatedly get an error when trying to propagate
the database to the slave KDCs using kprop.
I can't figure out what I have done wrong.
I'm stumped; any assistance would be appreciated.
NOTE: kslave1 has not had Kerberos installed yet.
-----------------------------------------
Logged in as user 'root' on host pandora <<ON KMASTER
This is the DNS configuration:

domain .petalshome.com 192.168.1.x

kmaster CNAME pandora
kslave2 CNAME wormhole
kslave1 CNAME knothole

--------------/etc/krb5.conf-------------
[libdefaults]
ticket_lifetime = 600
default_realm = PETALSHOME.COM
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc

[realms]
PETALSHOME.COM = {
kdc = kmaster.petalshome.com:88
kdc = kslave1.petalshome.com:88
kdc = kslave2.petalshome.com:88
admin_server = kmaster.petalshome.com:749
default_domain = petalshome.com
}

[domain_realm]
.petalshome.com = PETALSHOME.COM
petalshome.com = PETALSHOME.COM

[logging]
kdc = FILE:/var/adm/krb5kdc.log
admin_server = FILE:/var/adm/kadmin.log
default = FILE:/var/adm/krb5lib.log
-------------------------------------------
-----/usr/local/var/krb5kdc/kdc.conf-------
[kdcdefaults]
kdc_ports = 88,750

[realms]
PETALSHOME.COM = {
database_name = /usr/local/var/krb5kdc/principal
admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
dict_file = /usr/local/var/krb5kdc/kadm5.dict
key_stash_file = /usr/local/var/krb5kdc/.k5.PETALSHOME.COM
kadmind_port = 749
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal
}
--------------------------------------------
pandora:/# /usr/local/sbin/kdb5_util create -r PETALSHOME.COM -s
Initializing database '/usr/local/var/krb5kdc/principal' for realm 'PETALSHOME.COM',
master key name 'K/M@PETALSHOME.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
--------------kadm5.acl---------------------
root/admin@PETALSHOME.COM
* root/*@PETALSHOME.COM *
--------------------------------------------
pandora:/# /usr/local/sbin/kadmin.local
kadmin.local: addprinc root/admin@PETALSHOME.COM
Enter password for principal"root/admin@PETALSHOME.COM":
Re-enter password for principal"root/admin@PETALSHOME.COM":
Principal "root/@PETALSHOME.COM" created.
--------------------------------------------------------
kadmin.local: ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
Entry for principal kadmin/admin with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/usr/local/var/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/usr/local/var/krb5kdc/kadm5.keytab.
--------------------------------------------
/usr/local/sbin/krb5kdc
/usr/local/sbin/kadmind
cat /var/adm/k*.log
Feb 04 09:56:34 pandora kadmind[28743](info): starting
Feb 04 09:56:34 pandora krb5kdc[28741](info): commencing operation
--------------------------------------------
pandora:/usr/local/var/krb5kdc# /usr/local/sbin/kadmin
Enter password:
kadmin: addprinc -randkey host/kmaster.petalshome.com
Principal "host/kmaster.petalshome.com@PETALSHOME.COM" created.
kadmin: addprinc -randkey host/kslave1.petalshome.com
Principal "host/kslave1.petalshome.com@PETALSHOME.COM" created.
kadmin: addprinc -randkey host/kslave2.petalshome.com
Principal "host/kslave2.petalshome.com@PETALSHOME.COM" created.
------------kpropd.acl----------------------
host/kmaster.petalshome.com@PETALSHOME.COM
host/kslave1.petalshome.com@PETALSHOME.COM
host/kslave2.petalshome.com@PETALSHOME.COM
--------------------------------------------
kadmin: ktadd host/kmaster.petalshome.com
Entry for principal host/kmaster.petalshome.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5.keytab.
kadmin: q
--------------------------------------------
At this point the following files are copied to KSLAVE2:
/etc/krb5.conf
/usr/local/var/krb5kdc/kdc.conf
/usr/local/var/krb5kdc/kadm5.acl
/usr/local/var/krb5kdc/kpropd.acl
-----------------------------------
---user 'root' on kslave2 CNAME wormhole---<<<< ON KSLAVE2
kadmin: ktadd host/kslave2.petalshome.com
Entry for principal host/kslave2.petalshome.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5.keytab.
kadmin: q
--------------------------------------------
---------added to each inetd.conf-----------
krb5_prop stream tcp nowait root /usr/local/sbin/kpropd kpropd
eklogin stream tcp nowait root /usr/local/sbin/klogind klogind -k -c -e

kill -HUP (pid of inetd on all KDCs)
--------------------------------------------
-------------services lines all kdc's-----------------
kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
kerberos-adm 749/udp
krb5_prop 754/tcp # Kerberos slave propagation
eklogin 2105/tcp # Kerberos encrypted rlogin
------------------------------------
---user 'root' on kmaster CNAME pandora-- <<< ON KMASTER ERROR ERROR
/usr/local/sbin/kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans
/usr/local/sbin/kprop -f /usr/local/var/krb5kdc/slave_datatrans kslave2.petalshome.com
/usr/local/sbin/kprop:
Client not found in Kerberos database while getting initial ticket
--------------------------------------------
-----just for information------
kadmin: listprincs
kadmin/history@PETALSHOME.COM
K/M@PETALSHOME.COM
krbtgt/PETALSHOME.COM@PETALSHOME.COM
root/admin@PETALSHOME.COM
kadmin/admin@PETALSHOME.COM
kadmin/changepw@PETALSHOME.COM
host/kslave1.petalshome.com@PETALSHOME.COM
host/kmaster.petalshome.com@PETALSHOME.COM
host/kslave2.petalshome.com@PETALSHOME.COM
------------------------------------------
I have tried deleting and re-creating /etc/krb5.keytab on the
individual hosts to no avail.

TIA for assistance
Michael

----------------------------------------------------
See Petals' new web page at http://www.girlswear.com
for Pretty little girls wearing
distinctive clothing and accessories
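As an added example (not part of the report above, nor krb5 project code), a small consistency check of the principal names that the kprop step in the report depends on. It assumes that kprop on the master requests its initial ticket as host/<canonical FQDN of the local host>@REALM and that kpropd on the slave accepts only clients listed in its kpropd.acl; the CNAME map, listprincs output and kpropd.acl are constructed from the values quoted in the report, and the hostname passed in is whatever the master actually calls itself.

```python
# Consistency check for the kprop/kpropd principal set-up shown above.
# Assumptions (not stated in the report): kprop on the master obtains a
# ticket as host/<canonical FQDN of the local host>@REALM, and kpropd on
# the slave accepts only clients listed in its kpropd.acl.

# Constructed from the report: CNAME records, kadmin listprincs output
# and the kpropd.acl that was copied to the slaves.
CNAMES = {"kmaster": "pandora", "kslave2": "wormhole", "kslave1": "knothole"}
LISTPRINCS = """\
kadmin/history@PETALSHOME.COM
K/M@PETALSHOME.COM
krbtgt/PETALSHOME.COM@PETALSHOME.COM
root/admin@PETALSHOME.COM
kadmin/admin@PETALSHOME.COM
kadmin/changepw@PETALSHOME.COM
host/kslave1.petalshome.com@PETALSHOME.COM
host/kmaster.petalshome.com@PETALSHOME.COM
host/kslave2.petalshome.com@PETALSHOME.COM
"""
KPROPD_ACL = """\
host/kmaster.petalshome.com@PETALSHOME.COM
host/kslave1.petalshome.com@PETALSHOME.COM
host/kslave2.petalshome.com@PETALSHOME.COM
"""

def canonical_fqdn(name, domain, cnames):
    """Follow CNAME aliases to the canonical host name and qualify it."""
    short, seen = name.split(".")[0], set()
    while short in cnames and short not in seen:
        seen.add(short)
        short = cnames[short]
    return f"{short}.{domain}"

def kprop_client_principal(local_hostname, domain, realm, cnames):
    """Principal kprop is assumed to authenticate as on the master."""
    return f"host/{canonical_fqdn(local_hostname, domain, cnames)}@{realm}"

def check_propagation(local_hostname, domain, realm, cnames, listprincs, acl):
    """Return (client principal, findings); an empty findings list means OK."""
    principals, acl_entries = set(listprincs.split()), set(acl.split())
    client = kprop_client_principal(local_hostname, domain, realm, cnames)
    findings = []
    if client not in principals:
        findings.append(f"{client} is not in the KDC database: kprop's initial "
                        "ticket request fails with 'Client not found'")
    if client not in acl_entries:
        findings.append(f"{client} is not listed in kpropd.acl on the slave")
    return client, findings
```

Run the check with the master's real hostname and the realm's domain; each finding names a principal that must exist in the database (and, for the slave side, in kpropd.acl) before kprop can succeed.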