Subject: kadmin -s <server name> does not work
Version 1.6.3

dns_lookup_kdc = true
dns_lookup_realm = true


kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log

If I call kadmin -s <servername> with the krb5.conf above I got the
following error:

Authenticating as principal root/admin@HACKWEEK.SITE with password.
kadmin: Missing parameters in krb5.conf required for kadmin client
while initializing kadmin interface

The DNS setup is correct. The error happens at the following place in
the code:

src/lib/kadmin5/client_init.c: _kadm5_init_any() is called
kadm5_get_config_params() is called successfully and the
REQUIRED_PARAMS check indicates that all required params are available.

Then kadm5_get_init_creds() is called. Inside of this function
kadm5_get_admin_service_name() is called only with the realm as
This function failed, because it calls internally
kadm5_get_config_params() but this time without the servername from
the command line.

The result is that if you want to use kadmin, you must configure the
admin_server in /etc/krb5.conf. Adding the servername via the
command line does not work.
Got a comment on #kerberos IRC today:

10:13 <tobybl> Hello, does anyone know if the bug in is still
unfixed? It seems the case to me, but the code has changed a
fair bit since it was reported.

It does look like it might still be a problem. kadm5_get_admin_service_name() doesn't take a
params input, so it can't see the overridden ADMIN_SERVER config.
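
The failure pattern described in this ticket, as an added example that is not part of the ticket and is not MIT krb5 code: a simplified, self-contained model in which every name (struct params, get_config, both service_name_* helpers), the host name and the service-name format are hypothetical stand-ins. It shows a helper that receives only the realm losing the command-line override, next to a variant that receives the caller's params.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the call chain in the report; all names are
 * hypothetical stand-ins, not the libkadm5 API. */
struct params {
    const char *realm;
    const char *admin_server;   /* NULL = not supplied */
};

/* Stand-in for a krb5.conf that has no admin_server for the realm. */
static const char *conf_admin_server = NULL;

/* Merge caller overrides with the config file. Returns 0 on success,
 * -1 when a required parameter is still missing after the merge. */
static int get_config(const struct params *in, struct params *out)
{
    out->realm = in->realm;
    out->admin_server = in->admin_server ? in->admin_server : conf_admin_server;
    return out->admin_server ? 0 : -1;
}

/* Buggy shape: the helper takes only the realm, so it rebuilds the params
 * from scratch and the -s override never reaches the second lookup. */
static int service_name_realm_only(const char *realm, char *buf, size_t len)
{
    struct params in = { realm, NULL }, out;
    if (get_config(&in, &out) != 0)
        return -1;              /* surfaces as "Missing parameters ..." */
    snprintf(buf, len, "kadmin/%s", out.admin_server);
    return 0;
}

/* Fixed shape: the caller's params, override included, are passed through. */
static int service_name_with_params(const struct params *in, char *buf, size_t len)
{
    struct params out;
    if (get_config(in, &out) != 0)
        return -1;
    snprintf(buf, len, "kadmin/%s", out.admin_server);
    return 0;
}

int main(void)
{
    struct params cli = { "HACKWEEK.SITE", "kdc1.example.test" }; /* constructed -s value */
    char name[128] = "";
    printf("realm-only helper: %d\n", service_name_realm_only(cli.realm, name, sizeof name));
    printf("params-aware helper: %d\n", service_name_with_params(&cli, name, sizeof name));
    printf("service name: %s\n", name);
    return 0;
}
```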