Date: Mon, 15 Dec 2014 19:21:07 +1000
From: Da Rock <freebsd-questions@herveybayaustralia.com.au>
To: freebsd-questions@freebsd.org
Subject: krb5 issues
Message-ID: <548EA803.3060208@herveybayaustralia.com.au>

I'm playing around with kerberos and to cut a long story short I'm trying to get the mit krb working - has to be I'm afraid. I've built it from ports with ldap backend support, but after a lot of playing around I still can't get it to work and I'm tearing my hair out.

Unfortunately krb5kdc is not very talkative or coherent either. I've already come across some areas where it says one thing yet means another, but I've now been over all this near 10 times now and even some imaginative speculation isn't resolving anything.

What I have is this in my rc.conf (out of the handbook):

    kerberos5_server_enable="YES"
    kadmind5_server_enable="YES"
    kerberos5_server="/usr/local/sbin/krb5kdc"
    kadmind5_server="/usr/local/sbin/kadmind"
    kerberos5_server_flags=""

And krb5.conf:

    [libdefaults]
        default_realm = <REALM>

    [realms]
        <REALM> = {
            kdc = <kerberos.server>
            admin_server = <kerberos.server>
        }

    [domain_realm]
        .<realm> = <REALM>

And kdc.conf:

    [kdcdefaults]
        kdc_ports = 88

    [realms]
        <REALM> = {
            kadmind_port = 749
            max_life = 12h 0m 0s
            max_renewable_life = 7d 0h 0m 0s
            master_key_type = <encryption type>
            supported_enctypes = <encryption types>
            database_module = <database>
        }

    [logging]
        default = CONSOLE
        default = FILE:<log file that exists - mode 600>
        kdc = CONSOLE
        kdc = FILE:<log file that exists - mode 600>
        admin_server = FILE:<log file that exists - mode 600>

    [dbdefaults]

    [dbmodules]
        <database> = {
            db_library = kldap
            db_module_dir = /usr/local/lib/krb5/plugins/kdb/
            disable_last_success = true
            ldap_kerberos_container_dn = <krbcontainer dn>
            ldap_kdc_dn = "<krb admin dn>"
            ldap_kadmind_dn = "<krb admin dn>"
            ldap_service_password_file = <file exists and appears to be coherent>
            ldap_servers = ldapi://
            ldap_conns_per_server = 5

The error I get on the console when I run either krb5kdc directly or the rc script is:

    krb5kdc: cannot initialize realm <REALM> - see log file for details

The log files simply refuse to give anything, and stubbornly remain empty.

kldap exists and ldd seems to show that the library is included in the system as well.

Anyone have anything or seen similar at some point?

TIA