From: Andrew Otwell
Date: Thu, 17 Feb 2000 10:17:47 -0500
To: Brad Guillory, "freebsd-questions@FreeBSD.ORG"
Subject: Re: kerberosIV

For starters... (my apologies for pine readers - inetd lines listed
below will wrap terribly)

1. man inetd or inetd.conf makes no mention of kerberos and man kerberos
makes no mention of inetd (then why are there entries in inetd????).
Shall the kerbDB run as a full time daemon without inetd calls -
probably or definitely.

2. man kinit, first para, references man 1 kerberos for "registering as
a kerberos user" but man 1 kerberos doesn't tell you how - literally
tell you what to type. This is why I was looking for a
www.freebsddiary.org type install guide.

So I continue ..... with the belief that inetd is used. I commented out
the following lines but my system doesn't have rkinitd, registerd, or
kpasswdd. Shall I use the source and make, make install from the
/usr/src/....kerberosIV/???? No mention of installation anywhere in the
handbook.

# Kerberos authenticated services
#
klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
eklogin stream tcp nowait root /usr/libexec/rlogind rlogind -k -x
kshell stream tcp nowait root /usr/libexec/rshd rshd -k
rkinit stream tcp nowait root /usr/libexec/rkinitd rkinitd
#
# Services run ONLY on the Kerberos server
#
###krbupdate stream tcp nowait root /usr/libexec/registerd registerd
###kpasswd stream tcp nowait root /usr/libexec/kpasswdd kpasswdd

Regarding /etc/auth.conf - my system(s) didn't even have
pam_kerberosIV.so in /usr/lib. My system(s) only have
pam_cleartext_pass_ok, pam_deny, pam_permit, pam_radius, pam_skey,
pam_ssh, pam_tacplus, pam_unix (DES???). Again, I could use some install
tips in the handbook for this. I'm probably suffering from option
overload.

If kerberos consists of /etc/kerberosIV/, kdb_init, kstash, kdb_edit
..., ext_srvtab and moveit and chmod 600, kdb_edit username, kerberos &,
kadmind -n &, then my system(s) - and I - are broken. It's probably me
but I can't see the forest for the trees.

The man page for kdb_edit is pretty scary. I would hope to see all the
available principals and instances (example - man rc.conf or smb.conf) -
maybe I'm just not paying attention to the obvious here.

BTW, ipfw is wide open on my test systems, as well as inetd, and safely
tucked away from the script kiddies (and ATHENA - is this part of the
problem?).

When I launch kerberos & and kadmind -n and as the user, run kinit
username, all I get is

bashprompt$ kinit username
Kerberos Initialization for "username"
Password:
kinit: Principal expired (kerberos)
bashprompt$ ps ax
snip
 2625 p0 I 0:00.02 kerberos
 2626 p0 I 0:00.01 kadmind -n
snap

=========================================

Brad Guillory wrote:
>
> What type of problems are you having? I am sure that several here would
> be happy to help. BMG
>
> On Wed, Feb 16, 2000 at 09:08:51PM -0500, Andrew Otwell wrote:
> > Where is the official installation->manual for kerberosIV on FreeBSD????
> > The handbook shows a picture perfect step by step that does not work for
> > me.
> >
> > Looked in www.freebsddiary.org, www.freebsddiary.org,
> > www.freebsd.org/tutorials - faq - handbook
> >
> > We have /etc/auth.conf, /etc/kerberosIV/....,
> > /usr/lib/pam_kerberosIV.so, /etc/inetd.conf (much less
> > /etc/hosts.allow), and there's probably many more config files involved.
> >
> > I swear on the holy grail that I'll publish a complete how-to if someone
> > would point me in the right direction.
> >
> > --
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> > Andrew T. Otwell, Network Administrator
> > andrew@networkcomputerz.com, 678.363.8491
> > http://www.NetworkComputerz.com
> > yank GnuPG DSS key from hkp://pgpkeys.mit.edu
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message