Kerberos questions

[Anonymous]

I don’t uderstand what is happening here.
1. If I set up a standard MIT Kerberos:
kerberosautoconfig -r REALM.ORG -m host.realm.org
kdcsetup -w -a adminname -p adminpasswd REALM.ORG
KDC will start.
But when I try to invoke “kadmin” I get an error that the Client is not registered in the Kerberos database. However, kadmin.local does work.

2. If I use the “Apple” suggested set up:
kerberosautoconfig -r REALM.ORG -m host.realm.org
kdcsetup -f /LDAPv3/127.0.0.1-w -a adminname -p adminpasswd
It appears that no Kerberos directory and files are written so KDC will not start.

The DNS services are running

[rpeskin]

The server was originally set up as standalone with no DNS and no fqdn. We wanted to set up a test intranet, so I started DNS, set a fqdn, and modified the /Library/Preferences/edu.mit.Kerberos to reflect the new REALM. I then set OpenDirectory to an OD Master role.

I started Kerberos manually (since KDC was not running) using the standard MIT setup. KDC started and I could use kinit, and kadmin.local. Using kadmim gave the “client not registered” error.

I then reinstalled Kerberos manually using the “Apple” setup. In this case KDC didn’t start (as detailed in my original message).

[Author]

Posts