From sfreed@gilasoft.com Wed Dec 24 12:33:04 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA04571 for <bugs@RT-11.MIT.EDU>; Wed, 24 Dec 1997 12:33:03 -0500
Received: from hesperus.gilasoft.com by MIT.EDU with SMTP
id AA04734; Wed, 24 Dec 97 12:33:00 EST
Received: (from daemon@localhost)
by hesperus.gilasoft.com (8.8.7/8.8.7) id KAA04729
for <krb5-bugs@mit.edu>; Wed, 24 Dec 1997 10:36:34 -0700 (MST)
Received: from tiehack.gilasoft.com(192.160.121.98)
via SMTP by hesperus.gilasoft.com, id smtpd004721; Wed Dec 24 10:35:58 1997
Received: by tiehack.gilasoft.com id KAA22551; Wed, 24 Dec 1997 10:35:57 -0700 (MST)
Message-Id: <199712241735.KAA22551@tiehack.gilasoft.com>
Date: Wed, 24 Dec 1997 10:35:57 -0700 (MST)
From: sfreed@gilasoft.com
Reply-To: sfreed@gilasoft.com
To: krb5-bugs@MIT.EDU
Subject: kadmind can't find kadm5.keytab
X-Send-Pr-Version: 3.99

>Number: 517
>Category: krb5-admin
>Synopsis: kadmind does not look for default kadm5.keytab file
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bjaspan
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Dec 24 12:34:03 EST 1997
>Last-Modified:
>Originator: Steven Freed
>Organization:
Magic Software Development, Inc.

>Release: krb5-1.0.4
>Environment:
Intel Pentium, BSD/OS 3.1 standard install
System: BSD/OS tiehack.gilasoft.com 3.1 BSDI BSD/OS 3.1 Kernel #1: Wed Oct 29 09:38:31 MST 1997 sfreed@tiehack.gilasoft.com:/usr/src/sys/compile/TIEHACK i386


>Description:
In ./include/krb5/osconf.h, it has the line:

#define DEFAULT_KADM5_KEYTAB "/usr/local/var/krb5kdc/kadm5.keytab"

but kadmind cannot find it. Doing a ktrace on kadmind, it seems that
it only looks in the file /etc/krb5.keytab and does not look at
/usr/local/var/krb5kdc/kadm5.keytab at all.

If I add the line

admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab

to the [realms] section of the /usr/local/var/krb5kdc/kdc.conf
file (which kadmind does open and read), then the results are
exactly the same. I don't know if this is a valid line in the
kdc.conf file or not, there is such a line in the
.../src/config-files/kdc.conf example of the distribution, but there
is no mention of it in the man page. Then again, I have seen a couple
other example kdc.conf files that had stuff which is not mentioned
in the man page, so I guess this might be a documentation bug also.



>How-To-Repeat:
N/A
>Fix:
While not a "fix" per se, I can get kadmind to work by setting
the following environment variable:

setenv KRB5_KTNAME /usr/local/var/krb5kdc/kadm5.keytab

I think there may be other related problems (that is, problems
caused by whatever is causing this one) because if I use kadmin
and do a "ktadd host/tiehack.gilasoft.com", I get the error:

kadmin: Cannot write to specified key table while adding key to keytab

but if I do a "ktadd -k /etc/krb5.keytab host/tiehack.gilasoft.com", it
works correctly. I do not know what it's trying to do, I can't tell
from a ktrace. It doesn't try to open a file to write the keytab
before it gives the error.
>Audit-Trail:
>Unformatted:
Not relevant anymore as we no longer use a file-based keytab for kadmind.
Was fixed earlier anyway as part of the 3des merge for 1.1.