Hello all, I'm having a problem setting up kerberos on an OpenBSD system. Please advise as you can.
Thanks!

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
LEGEND (names changed for security)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
kdc   = linux box, kdc and kerberos admin server
krbc1 = krb5 client 1, linux, working
krbc2 = krb5 client 1, openbsd, attempting to setup
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

First, let me note that the FAQ is inadequate for kerberos - to say the least. The heimdal info page doesn't have anything useful, that I could find. As OpenBSD does things a bit differently, I hoped that those differences would be documented somewhere. Perhaps I just couldn't find it....

On krbc2 I've created the /etc/kerberosV/krb5.conf. Then on krbc1 I ran kadmin, logged in to kerberos as an admin principal, and performed the usual addprinc for the new host (addprinc -randkey host/krbc2).

I then tested kinit on krbc2 and found it got a ticket without a problem.

I then tried kadmin on krbc2, which doesn't work. It doesn't even bother with trying to get to the admin server. It just gives me a prompt 'kadmin>'. Perhaps that's an issue?

Because of that, I was forced to create the keytab on krbc1 and scp it over to krbc2 and place it in /etc/kerberosV/:

    kadmin: ktadd -k /etc/kadm5.keytab.krbc2 host/krbc2
    Entry for principal host/krbc2 with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/kadm5.keytab.krbc2.
    Entry for principal host/krbc2 with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/kadm5.keytab.krbc2.
    Entry for principal host/krbc2 with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/kadm5.keytab.krbc2.
    Entry for principal host/krbc2 with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/kadm5.keytab.krbc2.

I then enabled kerberos for logins on krbc2 via /etc/login.conf [auth-defaults:auth=krb5-or-pwd:].

When I try to SSH to krbc2, I get the following error message in /var/log/authlog:

    "krb5-or-pwd: verify: Key table entry not found"

Unfortunately, google is no help there:
http://www.google.com/search?q=krb5-or-pwd:%20verify:%20Key%20table%20entry%20not%20found

--
David Rogal
Unix Systems Admin
TelecityRedbus UK Limited