Re: master key type in kdc.conf

2021-10-03 Thread Greg Hudson
On 10/3/21 3:36 AM, Dan Mahoney (Gushi) wrote: > We're in the process of rolling our mkey to get off 3des, and we found > that someone in the before-times has put this line in our kdc.conf: > > master_key_type = des3-hmac-sha1 [...] > Would things break if I just took this

master key type in kdc.conf

2021-10-03 Thread Dan Mahoney (Gushi)
Hey all, We're in the process of rolling our mkey to get off 3des, and we found that someone in the before-times has put this line in our kdc.conf: master_key_type = des3-hmac-sha1 Obviously, that's not going to be the master key type of the new key, and of course, I think when th

Re: kdc.conf

2019-03-26 Thread Ivan
> Per kdc.conf(5), the kdc.conf file doesn't live in /etc; it lives > somewhere else. (I put it at /var/kerberos/krb5kdc/kdc.conf in You are right: strace showed that kdc.conf is not searched in /etc: [root@host ~]# grep -e 'kdc\.' /tmp/strace.log 678 stat("

Re: kdc.conf

2019-03-25 Thread Robbie Harwood
Ivan <19b5b6e5...@tiny-vps.com> writes: >> Where is your kdc.conf file, and can you verify that krb5kdc is reading >> it? The default location of kdc.conf is in the KDC data directory >> (typically /var/krb5kdc), and you can explicitly set it with the >> KRB5_KD

Re: kdc.conf

2019-03-25 Thread Ivan
> Where is your kdc.conf file, and can you verify that krb5kdc is reading > it? The default location of kdc.conf is in the KDC data directory > (typically /var/krb5kdc), and you can explicitly set it with the > KRB5_KDC_PROFILE environment variable. Thank you for your reply and you

Re: kdc.conf

2019-03-22 Thread Greg Hudson
On 3/22/19 5:53 AM, Ivan wrote: > [kdcdefaults] > kdc_listen = 203.0.113.1:88 > kdc_tcp_listen = "" This looks right. I just tried identical options (using my own IP address) in a test setup and it worked for me. > but these options are ignored: Where is your

kdc.conf

2019-03-22 Thread Ivan
Hello. I am new to installing and configuring [MIT] Kerberos. Version is 1.16.1. My question is about a simple test setup of a kdc daemon on Linux OS. Please tell me what settings I need to make in the kdc.conf file so that the kdc-daemon runs the listening socket on: 1. The specified IPv4

Re: Bug/kadmind: Required parameters in kdc.conf missing while initializing, aborting

2015-11-06 Thread Greg Hudson
On 11/03/2015 05:25 AM, Alexander Pánek wrote: > I get that I’m probably not supposed to set this entry to anything but a > valid absolute time, but it would be very helpful if kadmind actually told me > that it’s not valid and also accepts the default value. Basically the error > message tells

Bug/kadmind: Required parameters in kdc.conf missing while initializing, aborting

2015-11-03 Thread Alexander Pánek
[1], kadmind immediately aborts with the following error message: > Required parameters in kdc.conf missing while initializing, aborting The same error message is also printed when setting this config entry to its default value 0. I get that I’m probably not supposed to set this entry

Re: Encryption type settings in kdc.conf and krb5.conf

2015-07-27 Thread Greg Hudson
On 07/27/2015 10:51 AM, Todd Grayson wrote: > The question is; how much variation can be tolerated on the configuration > of encryption type settings within the krb5.conf / kdc.conf Only what is listed in the "Encryption types" table. > I constantly see "clipped" v

Encryption type settings in kdc.conf and krb5.conf

2015-07-27 Thread Todd Grayson
The question is; how much variation can be tolerated on the configuration of encryption type settings within the krb5.conf / kdc.conf Generally speaking I'm using this as the reference for proper values to set; (krb5.conf) http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf

Re: about the old tag kdc_supported_enctypes in kdc.conf

2014-10-13 Thread Greg Hudson
On 10/13/2014 06:45 AM, Giuseppe Mazza wrote: > It seems to me that the tag kdc_supported_enctypes is not used in the > file kdc.conf anymore: [...] > I had that tag in the configuration of my old kerberos server, but I > have not added it in the new one. From a look at our

about the old tag kdc_supported_enctypes in kdc.conf

2014-10-13 Thread Giuseppe Mazza
Dear All, It seems to me that the tag kdc_supported_enctypes is not used in the file kdc.conf anymore: root@ubuntu1404:~# aptitude show krb5-kdc | grep Version Version: 1.12+dfsg-2ubuntu5.2 root@ubuntu1404:~# zcat /usr/share/man/man5/kdc.conf.5.gz | grep supported_enctypes .B

Re: kdc.conf and krb5.conf

2011-06-16 Thread Greg Hudson
On Thu, 2011-06-16 at 04:53 -0400, Frank Dornheim wrote: > * Is the kdc.conf obsolete? > * Which config is the winner by a misconfiguration? > ' Which parts had to be in both configs (not the specific points - > the topics)? Prior to krb5 1.6, each setting had to be put in

kdc.conf and krb5.conf

2011-06-16 Thread Frank Dornheim
Hi list, I asked my questions yesterday on IRC (#kerberos at freenode) but I didn't get a full answer. First, I have a fully working system. ;) I use Kerberos with an OpenLDAP backend. At a review of my system I found several spelling errors (configs are at the end of this mail) in the kdc

Re: kdb5_ldap_util does not read kdc.conf

2010-09-26 Thread Greg Hudson
arify, since I think there's a slight misunderstanding: krb5kdc, kadmind, kadmin.local, kdb5_util, and kpropd will already check for settings in both krb5.conf and kdc.conf. kdb5_ldap_util should check in both places, but doesn't; that oversight

Re: kdb5_ldap_util does not read kdc.conf

2010-09-26 Thread Tom Parker
From an administrative standpoint I would prefer to maintain the separation. I like being able to have one krb5.conf file that is common to all my clients (including the kdcs themselves) and then a kdc.conf file that is only for my krb5kdc processes. I agree however that I can create a krb5

Re: kdb5_ldap_util does not read kdc.conf

2010-09-26 Thread Greg Hudson
On Sat, 2010-09-25 at 04:32 -0400, Mark Pröhl wrote: > So my question is: is the configuration of KDC LDAP parameters in > kdc.conf supported by MIT? > (And should the documentation be fixed?) I don't have a full understanding of the history here, but I believe there used to be a

Re: kdb5_ldap_util does not read kdc.conf

2010-09-25 Thread Mark Pröhl
, it looks like a bug in the way kdb5_ldap_util initializes > its krb5 context. I'm surprised it hasn't come up before. It should be > easy to fix. > > A workaround is to set > KRB5_CONFIG=/etc/krb5.conf:/var/lib/kerbero

Re: kdb5_ldap_util does not read kdc.conf

2010-09-22 Thread Tom Parker
Thanks for the amazingly quick reply. It likely only affects people doing initial domain setup or modification. Once the kdc is running everything works normally with the settings in kdc.conf It works nicely with the environment variable and I will add this to our wiki until the bug is

Re: kdb5_ldap_util does not read kdc.conf

2010-09-22 Thread Greg Hudson
I'm surprised it hasn't come up before. It should be easy to fix. A workaround is to set KRB5_CONFIG=/etc/krb5.conf:/var/lib/kerberos/krb5kdc/kdc.conf while running kdb5_ldap_util.

kdb5_ldap_util does not read kdc.conf

2010-09-22 Thread Tom Parker
Good afternoon I am wondering if there is a reason that the kdb5_ldap_util is ignoring the configuration I have for my kdc in /var/lib/kerberos/krb5kdc/kdc.conf and instead looking for it in /etc/krb5.conf. From what I understand the /etc/krb5.conf contains mostly client settings and

Re: Missing parms in kdc.conf

2005-01-11 Thread bob
Mark Sellers wrote: > It's finding my kdc.conf without this entry. I know this because > I can add garbage to my kdc.conf and it will fail to parse it. > However, just to be sure, I added the [kdc] section with a > profile key, and I receive the same error. > > I read in

Re: Missing parms in kdc.conf (FINALLY WORKING)

2004-11-29 Thread Mark Sellers
anted (i.e. /etc/krb5kdc), then it worked fine. The interesting aspect is that strace (and other mechanisms) all reported that the krb5.conf and kdc.conf files were being found and read. So thanks for the input. For all of Debian's strengths, this wasn't one of them ;-( I'm stil

Re: Missing parms in kdc.conf

2004-11-29 Thread bob
dc/principal' for realm 'FOO', > master key name 'K/[EMAIL PROTECTED]' > You will be prompted for the database Master Password. > It is important that you NOT FORGET this password. > Enter KDC database master key: > Re-enter KDC database master key to verify

Re: Missing parms in kdc.conf

2004-11-26 Thread Ken Hornstein
>kdb5_util: Required parameters in kdc.conf missing while initializing >the Kerberos admin interface Unfortunately, many times with these errors, it's UTSL. There is only one place where this error is returned. It's in lib/kadm5/srv/server_init.c. Reading this, here is the

Re: Missing parms in kdc.conf

2004-11-25 Thread Mark Sellers
name 'K/[EMAIL PROTECTED]' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: kdb5_util: Required parameters in kdc.conf missing while initializing the

Re: Missing parms in kdc.conf

2004-11-25 Thread bob
the output: > > Authenticating as principal root/[EMAIL PROTECTED] with password. > kadmin.local: Required parameters in kdc.conf missing while > initializing kadmin.local interface > > From what I can tell, all of this looks correct .. except for the > damned "missing

Re: Missing parms in kdc.conf

2004-11-25 Thread Mark Sellers
where I first noticed the error when I tried to add the admin keytab. Here's the output: Authenticating as principal root/[EMAIL PROTECTED] with password. kadmin.local: Required parameters in kdc.conf missing while initializing kadmin.local interface From what I can tell, all of this looks

Re: Missing parms in kdc.conf

2004-11-24 Thread bob
Okay, maybe we should backtrack, let me ask some questions about your entire kerberos setup. Have you created the realm principal with kdb5_util, and have you added an admin principal? Also have you created the kadm5.acl file and added a keytab for the kadmin principals?

Re: Missing parms in kdc.conf

2004-11-23 Thread Sam Hartman
You should make sure that the default_realm in your krb5.conf matches the realm in your kdc.conf exactly. Alternatively, start your kdc and admin server with the -r argument and specify the realm.

Re: Missing parms in kdc.conf

2004-11-23 Thread bob
Mark Sellers wrote: > It's finding my kdc.conf without this entry. I know this because > I can add garbage to my kdc.conf and it will fail to parse it. > However, just to be sure, I added the [kdc] section with a > profile key, and I receive the same error. > > I read in

Re: Missing parms in kdc.conf

2004-11-23 Thread Mark Sellers
Thanks, Bob, but none of those suggestions worked. I even took the time to systematically add all options to both the krb5.conf and kdc.conf files to see what it was missing, and kadmind is still complaining. The only thing I can figure now is that there's some special option required bas

Re: Missing parms in kdc.conf

2004-11-23 Thread bob
Mark Sellers wrote: > I am getting the following Kerberos 5 error: > > kadmind: Required parameters in kdc.conf missing while > initializing, aborting > > I have tried all the obvious things like reading man pages, admin > guides, and searching the web for examples. I hav

Re: Missing parms in kdc.conf

2004-11-23 Thread Mark Sellers
It's finding my kdc.conf without this entry. I know this because I can add garbage to my kdc.conf and it will fail to parse it. However, just to be sure, I added the [kdc] section with a profile key, and I receive the same error. I read in some news post that the error could also app

Missing parms in kdc.conf

2004-11-22 Thread Mark Sellers
I am getting the following Kerberos 5 error: kadmind: Required parameters in kdc.conf missing while initializing, aborting I have tried all the obvious things like reading man pages, admin guides, and searching the web for examples. I have also tried plenty of trial and error, but to no avail

Re: kdc.conf

2004-04-21 Thread Tillman Hodgson
on FreeBSD. My /etc/make.conf says: KRB5_HOME= /usr/local/krb5 /etc/defaults/make.conf points to just /usr/local/, though. In my case I over-ride it because it makes my $PATH ordering easier. The security/krb5 port reads that variable in order to determine where to install its files. So on

Re: kdc.conf

2004-04-21 Thread Graham Turner
> > > quoting the install guide in the krb51-3.3 distribution from MIT > > > > "The kdc.conf file contains KDC configuration information, including > > defaults used when issuing Kerberos tickets. Normally, you should install > > your kdc.conf file in the dire

Re: kdc.conf

2004-04-21 Thread Jeffrey Altman
Are you unable to create the path /usr/local/var/krb5kdc ? Graham Turner wrote: > Dear all, > > quoting the install guide in the krb51-3.3 distribution from MIT > > "The kdc.conf file contains KDC configuration information, including > defaults used when issuing Kerberos

kdc.conf

2004-04-21 Thread Graham Turner
Dear all, quoting the install guide in the krb51-3.3 distribution from MIT "The kdc.conf file contains KDC configuration information, including defaults used when issuing Kerberos tickets. Normally, you should install your kdc.conf file in the directory /usr/local/var/krb5kdc. You can ove

Re: KDC.conf insufficient paramaters??

2002-08-14 Thread Sam Hartman
gives Jon> me required parameters in kdc.conf missing..??? I just Jon> edited the default kdc file that was already there, then I Jon> tried adding a couple like database_name and max_life and Jon> max_renewable_life but that didn't fix the problem, what line Jon> am

KDC.conf insufficient paramaters??

2002-08-13 Thread Jon
put together a MIT Kerberos server today (Redhat dist) and after I got everything configured etc, I ran the services and they started fine, but if I try to log in to kadmin it gives me required parameters in kdc.conf missing..??? I just edited the default kdc file that was already there, then I