Hello,

I'm setting up a Debian server with kerberos and I'm having the following
error when I try to get a ticket: "Cannot contact any KDC for requested realm
while getting initial credentials".

Here are the steps I've taken so far:
1. # apt-get install libcomerr2 libkrb53 krb5-user krb5-kdc krb5-admin-server
krb5-config
2. Edit my /etc/krb5.conf and /etc/krb5kdc/kdc.conf (I'm attaching at the end)
3. #krb5_newrealm
4. Edit my /etc/krb5kdc/kadm5.acl
5. # kadmin.local -q "addprinc diego/admin"
6. # /etc/init.d/krb5-admin-server restart; /etc/init.d/krb5-kdc restart
7. kinit diego

Then I get the error message. When I use "# kinit -v diego" I get this error:
kinit(v5): No credentials cache found while validating credentials

Any help is more than welcome. Here are my configuration files:
--------------------------------------------------------------------------------------------------------------------
krb5.conf
--------------------------------------------------------------------------------------------------------------------
[logging]
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmin.log
default = FILE:/var/log/kerberos/krb5lib.log

[libdefaults]
ticket_lifetime = 24000
default_realm = SG.ORG.BR
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
SG.ORG.BR = {
kdc = localhost:88
admin_server = localhost:749
default_domain = sg.org.br
}

[domain_realm]
.sg.org.br = SG.ORG.BR
sg.org.br = SG.ORG.BR

[kdc]
profile = /etc/krb5kdc/kdc.conf

[appdefaults]
pam = {
krb4_convert = false
forwardable = true
renewable = true
}


--------------------------------------------------------------------------------------------------------------------
kdc.conf
--------------------------------------------------------------------------------------------------------------------
[kdcdefaults]
kdc_ports = 750,88

[realms]
SG.ORG.BR = {
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
des:normal des:v4 des:norealm desnlyrealm des:afs3
default_principal_flags = +preauth
}


--------------------------------------------------------------------------------------------------------------------
kadm5.acl
--------------------------------------------------------------------------------------------------------------------
*/admin *
--------------------------------------------------------------------------------------------------------------------

--
Diego Lima
http://sg.homelinux.com:81

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBFJGxRMQUVtGjCvrMRArjJAKCyrrqdMOib6HSNoLII72 tREMhYlACdFlod
W4yf9x56jFjhQNDnVoG2YEA=
=On4J
-----END PGP SIGNATURE-----