KDC doesn't behave pproperly when client is running on other machine ? - Kerberos

This is a discussion on KDC doesn't behave pproperly when client is running on other machine ? - Kerberos ; Hi All, I am preparing an GSSAPI based SMTP client. My KDC and Sendmail SMTP server is running on m1.tesdomain.com. After configuaring krb5.conf and kdc.conf and applying principal for smtp service. When i run SMTP client on m1.testdomain.com it(RH8), it ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: KDC doesn't behave pproperly when client is running on other machine ?

  1. KDC doesn't behave pproperly when client is running on other machine ?

    Hi All,

    I am preparing an GSSAPI based SMTP client.
    My KDC and Sendmail SMTP server is running on m1.tesdomain.com.
    After configuaring krb5.conf and kdc.conf and applying principal for smtp
    service.
    When i run SMTP client on m1.testdomain.com it(RH8), it works well.
    But when i run SMTP client on m2.testdomain.com(RH FC4), after configuring
    my /etc/krb5.conf obviously, it fails (KDC crashes(
    Do i need to need to transter krb5.keytab on m2.testdomain.com to make it
    work ?
    But i think keytab is need only where service's server is running.
    Any pointer on what is going wrong ?


    Thanks & Regards,
    RSJ
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: KDC doesn't behave pproperly when client is running on othermachine ?

    Your KDC should not crash. I suggest you report a bug to your OS
    manufacturer. Alternatively, try building Kerberos from source. If
    that still crashes, you can work with MIT to report a bug to us.

    --Sam

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: KDC doesn't behave pproperly when client is running on othermachine ?

    Hi Sam,

    Thanks for your reply.
    I have built KDC from source as per your suggestion but KDC is still
    crashing for previous mentioned condition.
    Below are some configuration on both machines.
    Please tell me if you need more information.
    Also tell me for previous mentioned condition where KDC and SMTP server are
    running on the same machine (m1.testdomain.com), do i need to transfer the
    krb5.keytab file on the other machine (m2.testdomain.com) where GSSAPI based
    SMTP client is running ?


    m1.testdomain.com
    ================
    #uname -a, gives
    Linux m1.testdomain.com 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686
    i386 GNU/Linux
    My kerberos version is krb5-1.3.5.
    GSSAPI - VERSION
    libgssapi_krb5.so.2.2
    /etc/krb5.conf


    [libdefaults]
    default_realm = TESTDOMAIN.COM
    [realms]
    TESTDOMAIN.COM = {
    kdc = 107.108.81.221:88
    }
    [logging]
    kdc = FILE:/var/log/kerberos/krb5kdc.log
    admin_server = FILE:/var/log/kerberos/kadmin.log
    default = FILE:/var/log/kerberos/krb5lib.log

    [login]
    krb4_convert = false
    krb4_get_tickets = false

    /usr/local/var/krb5kdc/kdc.conf

    [kdcdefaults]
    kdc_ports = 88
    kadmind_ports = 749
    v4_mode = nopreauth
    [realms]
    TESTDOMAIN.COM = {
    database_name = /usr/local/var/krb5kdc/principal
    admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab
    acl_file = /usr/local/var/krb5kdc/kadm5.acl
    dict_file = /usr/local/var/krb5kdc/kadm5.dict
    key_stash_file = /usr/local/var/krb5kdc/.k5stash
    kdc_ports = 88
    kadmind_port = 749
    max_life = 10h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
    master_key_type = des-cbc-crc
    supported_enctypes = des-cbc-crc:normal des:v4
    }

    m2.testdmain.com
    ==============
    #uname -a, gives
    Linux m2.testdomain.com 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005
    i686 i686 i386 GNU/Linux
    Kerberos version on this machine is krb5-1.4.3
    GSSAPI - VERSION
    libgssapi_krb5.so.2.2

    /etc/krb5.conf

    [libdefaults]
    default_realm = TESTDOMAIN.COM
    [realms]
    TESTDOMAIN.COM = {
    kdc = 107.108.81.221:88
    default_domain = testdomain.com

    }

    [domain_realm]
    testdomain.com = TESTDOMAIN.COM
    .testdomain.com = TESTDOMAIN.COM

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    Thanks a lot for your help.

    Regards,
    RSJ

    On 4/28/06, Sam Hartman wrote:
    >
    > Your KDC should not crash. I suggest you report a bug to your OS
    > manufacturer. Alternatively, try building Kerberos from source. If
    > that still crashes, you can work with MIT to report a bug to us.
    >
    > --Sam
    >
    >

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread