example krb5.conf file for krb5-1.6-beta1 - Kerberos


  1. example krb5.conf file for krb5-1.6-beta1

    Hello,

    I'm trying to get the LDAP backend for krb5 to work. However, I keep
    getting krb5kdc: Invalid argument - while initializing database for
    realm LINUX.TRG.

    I was able to create a skeleton database going in ldap using the
    kdb5_ldap_util.

    Is it possible to see a complete krb5.conf and kdc.conf example with
    ldap backend ? Here is mine:


    ---- kdc.conf --------------------------------
    [kdcdefaults]
    kdc_ports = 750,88

    [realms]
    LINUX.TRG = {
    # database_name = /var/krb5kdc/principal
    # admin_keytab = FILE:/var/krb5kdc/kadm5.keytab
    acl_file = /etc/kadm5.acl
    key_stash_file = /var/lib/krb5kdc/.k5.LINUX.TRG
    kdc_ports = 750,88
    max_life = 10h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
    }

    ---- krb5.conf --------------------------------
    [libdefaults]
    default_realm = LINUX.TRG

    [realms]
    LINUX.TRG = {
    admin_server = 192.168.225.3:749
    database_module = ldapconf
    }

    [domain_realm]
    .linux.trg = LINUX.TRG
    linux.trg = LINUX.TRG

    [logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log

    [dbdefaults]
    database_module = ldapconf

    [dbmodules]
    ldapconf = {
    db_library = kldap
    ldap_kerberos_container_dn =
    ou=kerberos,dc=linux,dc=trg
    ldap_kdc_dn = cn=Manager,dc=linux,dc=trg
    ldap_kadmind_dn = cn=Manager,dc=linux,dc=trg
    ldap_server = ldaps://gentoo-server-1.linux.trg
    }


    Thanks,

    Manfred


  2. Re: example krb5.conf file for krb5-1.6-beta1

    I've found some documentation from Novell that seems very similar and
    that helped me.

    One final question: I don't really see why the dbmodules section is in
    krb5.conf and not in kdc.conf. Is kdc.conf still used or is it a legacy
    thing? If it is still used, why wasn't dbmodules included in that
    file? Isn't the database something specific for the kdc? I intended
    to use the same krb5.conf file for my server and my clients. However,
    my clients don't need to see the information regarding the dbmodules.

    Thanks,

    Manfred.

    On Dec 20, 9:10 pm, "Manfred Haelters"
    wrote:
    > Hello,
    >
    > I'm trying to get the LDAP backend for krb5 to work. However, I keep
    > getting krb5kdc: Invalid argument - while initializing database for
    > realm LINUX.TRG.
    >
    > I was able to create a skeleton database going in ldap using the
    > kdb5_ldap_util.
    >
    > Is it possible to see a complete krb5.conf and kdc.conf example with
    > ldap backend ? Here is mine:
    >
    > ---- kdc.conf --------------------------------
    > [kdcdefaults]
    > kdc_ports = 750,88
    >
    > [realms]
    > LINUX.TRG = {
    > # database_name = /var/krb5kdc/principal
    > # admin_keytab = FILE:/var/krb5kdc/kadm5.keytab
    > acl_file = /etc/kadm5.acl
    > key_stash_file = /var/lib/krb5kdc/.k5.LINUX.TRG
    > kdc_ports = 750,88
    > max_life = 10h 0m 0s
    > max_renewable_life = 7d 0h 0m 0s
    > }
    >
    > ---- krb5.conf --------------------------------
    > [libdefaults]
    > default_realm = LINUX.TRG
    >
    > [realms]
    > LINUX.TRG = {
    > admin_server = 192.168.225.3:749
    > database_module = ldapconf
    > }
    >
    > [domain_realm]
    > .linux.trg = LINUX.TRG
    > linux.trg = LINUX.TRG
    >
    > [logging]
    > kdc = FILE:/var/log/krb5kdc.log
    > admin_server = FILE:/var/log/kadmin.log
    > default = FILE:/var/log/krb5lib.log
    >
    > [dbdefaults]
    > database_module = ldapconf
    >
    > [dbmodules]
    > ldapconf = {
    > db_library = kldap
    > ldap_kerberos_container_dn =
    > ou=kerberos,dc=linux,dc=trg
    > ldap_kdc_dn = cn=Manager,dc=linux,dc=trg
    > ldap_kadmind_dn = cn=Manager,dc=linux,dc=trg
    > ldap_server = ldaps://gentoo-server-1.linux.trg
    > }
    >
    > Thanks,
    >
    > Manfred
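
An added example, not part of the original thread: a small Python splitter that takes a combined krb5.conf like the one posted and separates the database-related parts ([dbdefaults], [dbmodules], and the realm's database_module relation) from the part that is safe to ship to clients, so the LDAP bind DNs and server URL stay on the KDC host. It assumes the KDC programs read kdc.conf merged with krb5.conf, as current MIT krb5 releases document; whether krb5-1.6-beta1 behaves the same is not confirmed here. `split_profile` and `SAMPLE` are hypothetical names, and the sample is a trimmed copy of the posted file.

```python
import re

# Sections and realm relations treated as KDC-only (assumption of this example).
KDC_ONLY_SECTIONS = {"dbdefaults", "dbmodules"}
KDC_ONLY_REALM_KEYS = {"database_module"}

# Constructed sample: trimmed from the krb5.conf posted in this thread.
SAMPLE = """\
[libdefaults]
default_realm = LINUX.TRG

[realms]
LINUX.TRG = {
admin_server = 192.168.225.3:749
database_module = ldapconf
}

[dbdefaults]
database_module = ldapconf

[dbmodules]
ldapconf = {
db_library = kldap
ldap_kdc_dn = cn=Manager,dc=linux,dc=trg
}
"""

def split_profile(text):
    """Return (client_text, kdc_fragment) from a combined krb5.conf."""
    client, kdc = [], []
    section, realm = None, None
    for line in text.splitlines():
        s = line.strip()
        header = re.fullmatch(r"\[(\w+)\]", s)
        if header:                      # new top-level section
            section, realm = header.group(1), None
            (kdc if section in KDC_ONLY_SECTIONS else client).append(line)
            continue
        if section in KDC_ONLY_SECTIONS:  # whole section moves to the KDC side
            kdc.append(line)
            continue
        if section == "realms":
            opened = re.fullmatch(r"(\S+)\s*=\s*\{", s)
            if opened:
                realm = opened.group(1)
            elif s == "}":
                realm = None
            elif realm and s.split("=")[0].strip() in KDC_ONLY_REALM_KEYS:
                # Re-wrap the relation in its realm so the fragment is valid.
                kdc += ["[realms]", f"{realm} = {{", line, "}"]
                continue
        client.append(line)
    return "\n".join(client) + "\n", "\n".join(kdc) + "\n"
```

The second return value is a fragment to merge by hand into an existing kdc.conf, since that file normally already has its own [realms] entry for the realm.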


