Skip Menu |
 

Subject: kadmin -s <server name> does not work
Download (untitled) / with headers
text/plain 1.1KiB
Version 1.6.3

krb5.conf:
[libdefaults]
dns_lookup_kdc = true
dns_lookup_realm = true

[realms]

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON

If I call kadmin -s <servername> with the krb5.conf above I got the
following error:

Authenticating as principal root/admin@HACKWEEK.SITE with password.
kadmin: Missing parameters in krb5.conf required for kadmin client
while initializing kadmin interface

The DNS setup is correct. The error happens at the following place in
the code:

src/lib/kadmin5/client_init.c: _kadm5_init_any() is called
kadm5_get_config_params() is called successfull and the the
REQUIRED_PARAMS check indicate that all required params are available.

Then kadm5_get_init_creds() is called. Inside of this function
kadm5_get_admin_service_name() is called only with the realm as
parameter.
This function failed, because it calles internally
kadm5_get_config_params() but this time without the servername from
the commandline.

The result is, that if you want to use kadmin, you must configure the
admin_server in /etc/krb5.conf. Adding the servername via the
commandline does not work.
Got a comment on #kerberos IRC today:

10:13 <tobybl> Hello, does anyone know if the bug in
http://krbdev.mit.edu/rt/Ticket/Display.html?id=5890 is still
unfixed? It seems the case to me, but the code has changed a
fair bit since it was reported.

It does look like it might still be a problem. kadm5_get_admin_service_name() doesn't take a
params input, so it can't see the overridden ADMIN_SERVER config.