Re: Solaris Binaries
thomasv@mac.com writes:
> Hi Assar,
Hello again.
> Thanks for the binaries. I am running a Solaris 7 64-bit box with the
> latest patches as of July 10, 2001. I have the box set up as an AFS
> server. I stopped the kaserver instance, then started the heimdal kdc.
> When I try /usr/heimdal/bin/kinit admin, it errors out with:
>
> kerberos-iv/udp unknown service, using default port 750
> kinit: Can't send request (send_to_kdc)
> kinit: krb5_get_init-creds: unable to reach my KDC in realm
> TEST.APPLE.COM
You need to add some configuration information too, so that kinit will
figure out where your KDC is (which is the thing it's complaining
about), and convert the database.
Here's a brief how-to on converting from a kaserver to a heimdal KDC,
courtesy of Derrick J Brashear <shadow@dementia.org> with some minor
simplifications by myself (this will also be added to the manual):
1. build heimdal
2. install heimdal
3. set up /etc/krb5.conf (putting in your values)
--Beginning of krb5.conf--
[libdefaults]
default_realm = YOUR.REALM
[realms]
YOUR.REALM = {
kdc = host.name.of.master
admin_server = host.name.of.master
default_domain = my.domain
v4_domains = my.domain
}
[domain_realm]
.my.domain = YOUR.REALM
[kdc]
enable-kerberos4 = true
enable-kaserver = true
enable-524 = true
[kadmin]
default_keys = v4 v5
--End of krb5.conf--
4. Create a master key on your master
# kstash
Master key:
Verifying password - Master key:
5. Create a krb5 database
# kadmin -l
init YOUR.REALM
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
The questions are a matter of policy. You have to decide what's appropriate.
6. Copy the database
# hprop --source=kaserver -c your.cell -r YOUR.REALM -R YOUR.REALM -n|hpropd -n
7. Start your KDC
Now you should be able to run both kinit and klog against your KDC.
Do tell us if you have more problems or just more questions.
/assar
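
Added example, not part of the original message and not Heimdal code: a Python check that parses a krb5.conf like the one in step 3 and reports the missing KDC entry that kinit complained about, plus any of the three [kdc] switches from the how-to that are not enabled. The names parse_krb5_conf, check_migration_conf and SAMPLE are constructed for this illustration, and the check assumes only "true"/"yes" count as enabled.

```python
import re

# Constructed sample: a trimmed copy of the krb5.conf shown in step 3.
SAMPLE = """\
[libdefaults]
    default_realm = YOUR.REALM
[realms]
    YOUR.REALM = {
        kdc = host.name.of.master
    }
[kdc]
    enable-kerberos4 = true
    enable-kaserver = true
    enable-524 = true
"""

def parse_krb5_conf(text):
    """Parse [sections], 'key = value' pairs and one level of { } nesting."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def check_migration_conf(text):
    """List missing settings (assumption: only true/yes count as enabled)."""
    conf, problems = parse_krb5_conf(text), []
    realm = (conf.get("libdefaults", {}).get("default_realm") or ["<unset>"])[0]
    entry = conf.get("realms", {}).get(realm)
    if not isinstance(entry, dict) or not entry.get("kdc"):
        problems.append(f"no kdc listed for realm {realm} in [realms]")
    for opt in ("enable-kerberos4", "enable-kaserver", "enable-524"):
        if conf.get("kdc", {}).get(opt, ["false"])[-1].lower() not in ("true", "yes"):
            problems.append(f"[kdc] {opt} is not enabled")
    return problems

if __name__ == "__main__":
    print(check_migration_conf(SAMPLE) or "krb5.conf covers the migration settings")
```

To check a real file, pass its contents: check_migration_conf(open("/etc/krb5.conf").read()).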