From owner-freebsd-questions Thu Feb 13 11:22:57 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3E56A37B401 for ; Thu, 13 Feb 2003 11:22:56 -0800 (PST) Received: from jive.SoftHome.net (jive.SoftHome.net [66.54.152.27]) by mx1.FreeBSD.org (Postfix) with SMTP id 3559043F93 for ; Thu, 13 Feb 2003 11:22:55 -0800 (PST) (envelope-from temperanza@softhome.net) Received: (qmail 21519 invoked by uid 417); 13 Feb 2003 19:22:54 -0000 Received: from tap-.softhome.net (HELO jive.SoftHome.net) (172.16.2.22) by shunt-smtp-out-0 with SMTP; 13 Feb 2003 19:22:54 -0000 Received: (qmail 697 invoked by uid 417); 13 Feb 2003 19:22:54 -0000 Received: from adsl-63-194-84-111.dsl.snfc21.pacbell.net (HELO dsl-63-194-84-111.dsl.snfc21.pacbell.net) (63.194.84.111) by 192.168.0.30 with SMTP; 13 Feb 2003 19:22:54 -0000 Received: from tomoyo (localhost [127.0.0.1]) by Thu, 13 Feb 2003 11:22:54 -0800 (PST)dsl-63-194-84-111.dsl.snfc21.pacbell.net (8.12.7/8.12.6) with SMTP id h1DJMsHI012033 for ; Thu, 13 Feb 2003 11:22:54 -0800 (PST) (envelope-from temperanza@softhome.net) Date: Thu, 13 Feb 2003 11:22:54 -0800 From: La Temperanza To: questions@freebsd.org Subject: Help with Kerberos 5 setup Message-Id: <20030213112254.6c59e001.temperanza@softhome.net> X-Mailer: Sylpheed version 0.8.10 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, I'm a newbie to Kerberos trying to set it up at the suggestion of the handbook's "Securing FreeBSD" section. However, the Kerberos section is heavily biased towards version 4 and I'm not sure if it's leading me on the right track. I've figured out how to edit krb5.conf to set my realms, boot up kadmind and kdc in rc.conf, init the database using k5admin and stash my master key. However, when adding the two principals the handbook says are needed I get a few warning messages which I'm nervous about. kadmin> add --random-password passwd root/admin@SAKURA's Password: Max ticket life [unlimited]: Max renewable life [unlimited]: Principal expiration time [never]: Password expiration time [never]: Attributes []: root/admin@SAKURA's Password: k5admin: kadm5_create_principal: Client (root/admin@SAKURA) unknown added passwd@SAKURA with password `not4u2c' k5admin: adding passwd: Client not found in Kerberos database It looks like all I need to do is add myself in as a client somehow, but I'd like to be reassured that the handbook's setup instructions for Kerberos 4 are also the right ones under Kerberos 5. Can anyone do that, or help me through the correct setup procedure if it's different? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message