confused about kadmin and kadmind
Hi all, I just started trying out Heimdal.
It's compiled and installed (Linux, 2.2.17 kernel, i686
arch).
I've set the realm to be the same as the DNS domain:
-- /etc/krb5.conf --
[libdefaults]
    default_realm = HPCC.UH.EDU
[realms]
    HPCC.UH.EDU = {
        kdc = limey.hpcc.uh.edu
    }
[domain_realm]
    .hpcc.uh.edu = HPCC.UH.EDU
"limey.hpcc.uh.edu" is the server machine.
The kstash and kadmin init part appeared to work fine,
although where the documentation in
http://www.pdc.kth.se/heimdal/heimdal.html
shows
    # ktutil list
    Version  Type         Principal
          1  des-cbc-md5  host/my.host.name@MY.REALM
I do not see the @MY.REALM part, just the hostname.
I start kdc on that machine with
    # /usr/heimdal/libexec/kdc --config-file=/etc/krb5.conf
and then I try out kadmind, but:
    # /usr/heimdal/libexec/kadmind --debug
    kadmind: socket: Invalid argument
    kadmind: bind: Address already in use
If I keep choosing a new port I get the first "Invalid
argument" message but it appears to run.
Any attempt to use kadmin (without -l) then produces
    $ kadmin
    kadmin> list tonyc (or whatever)
    kadmin: tonyc@HPCC.UH.EDU: Bad krb5 admin server hostname
Can anyone point me on the right path? I could also do
with an example kadmind.acl file to look at, if someone
could be so kind: the documentation says
    If a glob-pattern is given on a line, it restricts the
    right for the principal to only apply for the subjects
    that match the pattern.
What is a "subject" in this context? What exactly would I
be restricting?
thanks for any help
tony
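
Added example (not part of the original post, and not Heimdal's own code): a simplified Python model of how kadmind.acl lines with a glob-pattern are evaluated, where the "subject" is the principal an operation is applied to. It assumes the `principal rights [glob-pattern]` line format and top-to-bottom matching given in the Heimdal documentation; the ACL entries and the names `parse_acl` and `allowed` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Privilege names from the Heimdal documentation; "cpw" is short for
# change-password and "all" grants every privilege.
RIGHTS = {"add", "change-password", "delete", "get", "list", "modify"}

# Constructed sample ACL for the realm in the post (not a real site's file).
SAMPLE_ACL = """\
# principal                  rights          [glob-pattern]
tonyc/admin@HPCC.UH.EDU      all
hostadm/admin@HPCC.UH.EDU    add,get,modify  host/*@HPCC.UH.EDU
helpdesk/admin@HPCC.UH.EDU   cpw,get         tonyc@HPCC.UH.EDU
"""

def parse_acl(text):
    """Return a list of (principal, rights, pattern-or-None) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        rights = set()
        for name in fields[1].split(","):
            name = "change-password" if name == "cpw" else name
            if name == "all":
                rights |= RIGHTS
            elif name in RIGHTS:
                rights.add(name)
            else:
                raise ValueError("unknown privilege: " + name)
        entries.append((fields[0], rights, fields[2] if len(fields) > 2 else None))
    return entries

def allowed(entries, caller, right, subject):
    """May `caller` apply `right` to the principal `subject`?

    The first line whose principal equals the caller and whose pattern
    (if present) matches the subject decides; no matching line means deny.
    Simplification: Python's fnmatch lets '*' match '/', so check how your
    Heimdal version treats '/' before relying on a pattern like *@REALM.
    """
    for principal, rights, pattern in entries:
        if principal != caller:
            continue
        if pattern is None or fnmatchcase(subject, pattern):
            return right in rights
    return False

ACL = parse_acl(SAMPLE_ACL)
```

In this model `hostadm/admin` may add `host/limey.hpcc.uh.edu@HPCC.UH.EDU` but may not touch `tonyc@HPCC.UH.EDU`, because the pattern limits which principals its rights apply to.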