Remote kadmin not working on 0.7.2
I'm probably missing something obvious (and probably it's something
I haven't thought to list here), but this isn't working:
Client side:
# /usr/heimdal/sbin/kadmin -p hotz
kadmin> get hotz
hotz@JPL.NASA.GOV's Password:
kadmin: get hotz: Server rejected authentication (during sendauth exchange)
---
Server side kadmin.log:
2006-02-27T10:41:14 krb5_recvauth: End of file
---
Server side kdc.log:
2006-02-27T10:41:14 AS-REQ hotz@JPL.NASA.GOV from IPv4:128.149.197.37 for kadmin/admin@JPL.NASA.GOV
2006-02-27T10:41:14 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-02-27T10:41:14 Requested flags: renewable
2006-02-27T10:41:14 sending 649 bytes to IPv4:128.149.197.37
---
# kdc.conf
[kdc]
    database = {
        realm = JPL.NASA.GOV
        mkey_file = /nobackup/m_key
    }
    kdc_warn_pwexpire = 1mo
    require-preauth = false
    enable-kerberos4 = true
    v4-realm = JPL.NASA.GOV
    enable-524 = true
    enable-http = false
    enable-kaserver = true
    check-ticket-addresses = false
    allow-null-ticket-addresses = true
---
# fgrep hotz kadmind.acl
hotz@JPL.NASA.GOV get,list
hotz/admin@JPL.NASA.GOV all
---
I have snoops that prove the client is talking to the test server,
not the production, even though they have the same realm name. I get
the same result with an encrypted vice decrypted master database
(which caused something similar for me on 0.6.3 once).
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu