Kadmin requires additional setup, the error you got indicates that you did not configure kadm5.acl to specify what principals have what access levels.
It also sounds like you did not configure the keytab on slaves properly. You should review the exact configuration steps you followed vs. what the install guide actually documents. -----Original Message----- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of George Lin Sent: Wednesday, January 13, 2016 3:53 AM To: kerberos@mit.edu; krb5-b...@mit.edu Cc: jiaxin...@live.com Subject: Even following kerberos5.1-14's installing guide, there are two stange problems. Importance: High Dear Kerberos5.1-14 pioneers, My name is Georgelin, I am just trying to install kerberos5.1-14 by following the package's installing guides, but there are two stange problems that I couldn't find a solution by google or other search engin: My Kerberos's architecture is : one is a master KDC whose address is master.example.com, the other is a switchable slave KDC whose address is slave.example.com, and the realm is MASTER.EXAMPLE.COM . And of course I have installed the DNS, ntp server and other required package except there is no xined.conf in OS of Ubuntu14.04 1st problem: when adding host principal for each of the KDCs’ host services, I can not use the installing guide's saying of kadmin command, but I can use kadmin.local command to add, why? I have check these two commands' file permission, they are the same, and even I move kadmin to the same folder as kadmin.local, kadmin still cann't add host principal, the error message said "add_principal: Operation requires ``add'' privilege while creating "host/master.example....@master.example.com"". 2nd problem: when I use kadmin.local to add two hosts' principal and follow "Configure slave KDCs" in the install.html guide, and when I execute "kprop -f /usr/local/var/krb5kdc/13ForSlaveData slave.example.com" or even "sudo kprop -d -r MASTER.EXAMPLE.COM -f /usr/local/var/krb5kdc/13ForSlaveData -s /etc/krb5.keytab slave.example.com ", I only got a fail message of "kprop: Key table entry not found while getting initial credentials" and without other debug messages. And because I could not get correct answers by google or by baidu, so I have to write to you. Would you like to help me to solve these problems or give me a more feasible installing guide for a totally successfully installing Kerberos 5.1-14? I would very appreciate your help! Sincerely, yours, Georgelin ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
