GSS-API or Kerberos Error
is RHEL. The Kerberos packages were installed as RPMs.

Setting Up Master KDC Server

After the basic installation and configuration you can test the master KDC by doing a kinit from the command line on the master.

    [root@kdc1 ~]# kinit lance

These are some of the errors you may get.

    kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials

The application cannot find the Kerberos server. Check firewall, DNS and /etc/hosts.

I had this error when /etc/hosts had:

    127.0.0.1 kdc1.example.com localhost.localdomain localhost

This was fixed by changing /etc/hosts to:

    127.0.0.1 localhost.localdomain localhost
    10.10.11.20 kdc1.example.com kdc1

Propagating Database to Slave KDC Servers

Next you need to propagate the database from the master to the slaves. This is done by dumping the contents of the database to file then using a combination of kprop on the master and kpropd on the slave to build the slave's database.

    [root@kdc1 ~]# kdb5_util dump /var/kerberos/krb5kdc/kdc.dump
    [root@kdc1 ~]# kprop -f /var/kerberos/krb5kdc/kdc.dump kdc2.example.com

    kprop: No route to host in call to connect while opening connection to kdc2.example.com

The Kerberos server cannot find the slave KDC. Check firewall. kpropd on the slave uses port 754/tcp by default.

    kprop: Connection refused in call to connect while opening connection to kdc2.example.com

kpropd on the slave is not running or you are trying to connect to the wrong port (default 754/tcp).

    kprop: Server rejected authentication (during sendauth exchange) while authenticating to server
    Generic remote error: No such file or directory

No keytab file on the slave KDC. Create principals for master (host/kdc1.example.com) and slave (host/kdc2.example.com) KDCs and add to keytab file. *Securely* copy keytab file from the master to the slave.

    kprop: Server rejected authentication (during sendauth exchang

Common Kerberos Error Messages (A-M)

This section provides an alphabetical list (A-M) of common error messages for the Kerberos commands, Kerberos daemons, PAM framework, GSS interface, the NFS service, and the Kerberos library.

All authentication systems disabled; connection refused

Cause: This version of rlogind does not support any authentication mechanism.

Solution: Make sure that rlogind is invoked with the -k option.

Another authentication mechanism must be used to access this host

Cause: Authentication could not be done.

Solution: Make sure that the client is using Kerberos V5 mechanism for authentication.

http://research.imb.uq.edu.au/~l.rathbone/ldap/kerberos.shtml

Authentication negotiation has failed, which is required for encryption. Good bye.

Cause: Authentication could not be negotiated with the server.

Solution: Start authentication debugging by invoking the telnet command with the toggle authdebug command and look at the debug messages for further clues. Also, make sure that you have valid credentials.

http://docs.oracle.com/cd/E19253-01/816-4557/trouble-6/index.html

Bad krb5 admin server hostname while initializing kadmin interface

Cause: An invalid host name is configured for admin_server in the krb5.conf file.

Solution: Make sure that the correct host name for the master KDC is specified on the admin_server line in the krb5.conf file.

Bad lifetime value

Cause: The lifetime value provided is not valid or incorrectly formatted.

Solution: Make sure that the value provided is consistent with the Time Formats section in the kinit(1) man page.

Bad start time value

Cause: The start time value provided is not valid or incorrectly formatted.

Solution: Make sure that the value provided is consistent with the Time Formats section in the kinit(1) man page.

Cannot contact any KDC for requested realm

Cause: No KDC responded in the requested realm.

Solution: Make sure that at least one KDC (either the master or a slave) is reachable or that the krb5kdc daemon is running on the KDCs. Check

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

http://kerberos.996246.n3.nabble.com/kadmin-GSS-API-or-Kerberos-error-while-initializing-kadmin-interface-td14610.html

Hi,

Can somebody tell me why I can't use kadmin remotely? I can start kadmin on the kdc server by using "kadmin -O". But when I tried to use /usr/kerberos/sbin/kadmin from a client machine to visit the kerberos database, the error as the email title occurred.

    [root@gcnode029 sbin]# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: admin/[hidden email]

    Valid starting     Expires            Service principal
    07/20/06 17:54:02  07/21/06 17:54:00  krbtgt/[hidden email]

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached
    [root@gcnode029 sbin]# kadmin admin/admin
    Authenticating as principal