[CentOS] help on kerberos5

Wed Mar 25 18:08:37 UTC 2009
Kanwar Ranbir Sandhu <m3freak at thesandhufamily.ca>

On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
> my domain name is===> baladia.local
> Windows 2003 AD server computer name is====> kmun
> 
> my /etc/krb5.conf file is
> 
> ----
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>  ticket_lifetime=24000
>  default_realm=BALADIA.LOCAL
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
> 
> [realms]
>  BALADIA.LOCAL={
>   kdc=172.16.2.227:88
> #  admin_server=kmun.baladia.local:749
>   default_domain=BALADIA.LOCAL
>   kdc=BALADIA.LOCAL
>  }

You only need one kdc here.  Choose one, comment/delete the other.

> [domain_realm]
> .baladia.local=BALADIA.LOCAL
> baladia.local=BALADIA.LOCAL
> 
> kerberos  88/udp   kdc  # Kerberos key server
> kerberos  88/tcp   kdc  # Kerberos key server

What are these "kerberos" lines for? Why have you put them here? They
don't belong - comment/delete them.


> [kdc]
>   profile = /var/kerberos/krb5kdc/kdc.conf
> 
> [appdefaults]
>  pam = {
>    debug = false
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>  }

kinit should work after making the changes above.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 
14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
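A small checker for the two things the reply above asks to change, added here as an example and not part of the original message: it reports a second `kdc` relation in a realm and `/etc/services`-style lines that ended up inside krb5.conf. The function name `lint_krb5_conf` is hypothetical, and the sample is constructed from the quoted file.

```python
import re

# Constructed sample reproducing the two problems from the quoted krb5.conf.
SAMPLE = """\
[libdefaults]
 default_realm=BALADIA.LOCAL
[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
#  admin_server=kmun.baladia.local:749
  default_domain=BALADIA.LOCAL
  kdc=BALADIA.LOCAL
 }
[domain_realm]
.baladia.local=BALADIA.LOCAL
kerberos  88/udp   kdc  # Kerberos key server
kerberos  88/tcp   kdc  # Kerberos key server
"""

SERVICES_LINE = re.compile(r"^\S+\s+\d+/(tcp|udp)\b")  # /etc/services syntax

def lint_krb5_conf(text):
    """Return (line_no, message) findings for the two issues in the reply."""
    findings, section, realm, kdcs = [], None, None, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None
        elif SERVICES_LINE.match(line):
            findings.append((no, "services-style line inside krb5.conf"))
        elif section == "realms" and realm is None and line.endswith("{"):
            realm, kdcs = line.split("=")[0].strip(), []
        elif line == "}":
            realm = None  # end of a realm (or other) subsection
        elif realm and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "kdc":
                kdcs.append(value)
                if len(kdcs) > 1:
                    findings.append((no, f"{realm}: extra kdc {value!r}"))
        elif "=" not in line:
            findings.append((no, "not a 'name = value' relation"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_krb5_conf(SAMPLE):
        print(f"line {no}: {msg}")
```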