Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Kerberos Authentication error
Top Forums UNIX for Dummies Questions & Answers Kerberos Authentication error Post 302905456 by Tomlight on Wednesday 11th of June 2014 04:13:11 PM
Old 06-11-2014
Kerberos Authentication error
Hi ,

I am trying to authenticate my id on client server with Kerberos and receiving below error


kinit rpagadala@BDC.soft.net
kinit: Cannot contact any KDC for realm 'BDC.soft.net' while getting initial credentials

Please find krb5.conf on the client server configuration which is same as the Kerberos master server .

Code:
 
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = BDC.soft.net ( this is just an example ) 
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = yes
[realms]
 BDC.soft.net = {
  kdc = server1:88
  kdc = server2:88
  admin_server = server1:749
  default_domain = soft.net
 }
[domain_realm]
 .soft.net = BDC.soft.net 
 soft.net = BDC.soft.net 
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false

 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Kerberos Authentication from Application

Hi, We've configured Kerberos to authenticate AIX 5.3 users with Active Directory and I now have to port an application written in C to the new security model. Currently, our users can login as normal and running a "klist" command reveals that they have been successfully granted a ticket. ... (2 Replies)
Discussion started by: phykell
2 Replies

2. Linux

IPSec using racoon w/ kerberos authentication

Hi, Anyone can point me a good link to setup IPSec using racoon IKE which uses gssapi_krb authentication method? I have a debain linux box and Windows 2003R2 system, and I want them to communicate using IPSec. Thanks, Emily. (0 Replies)
Discussion started by: egyfan
0 Replies

3. Programming

Kerberos Authentication c/c++

I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api. Can anyone point me in the right... (0 Replies)
Discussion started by: mshindo
0 Replies

4. Red Hat

PAM configuration: Kerberos authentication and NIS authorization problem

Hi, I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS. The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his... (0 Replies)
Discussion started by: geek.ksa
0 Replies

5. AIX

SSH and kerberos authentication problem AIX 5.3

I've configured an AIX 5.3 client to use our Windows AD for user authentication via Kerberos. When I try to ssh to the server using the AD credentials, I eventually get access but not after getting prompted for a password 3 times (which doesn't work) followed by an accepted login on the 4th... (3 Replies)
Discussion started by: jmroderick
3 Replies

6. Solaris

Rpcinfo: can't contact portmapper: RPC: Authentication error; why = Failed (unspecified error)

I have two servers with a fresh install of Solaris 11, and having problems when doing rpcinfo between them. There is no firewall involved, so everything should theoretically be getting through. Does anyone have any ideas? I did a lot of Google searches, and haven't found a working solution yet. ... (2 Replies)
Discussion started by: christr
2 Replies

7. Shell Programming and Scripting

How to automatically store/cache password for kerberos authentication

Hi All, I am currently writing script to get the details for lot of hosts from jump server. Means each and every time it will ssh to the host and get the information. To achieve that I need to automatically accept the password from Jump server to that main hosts. We are using kerberos password... (6 Replies)
Discussion started by: kamauv234
6 Replies

8. Shell Programming and Scripting

PERL and Kerberos authentication

I am installing Authen::Krb5::Easy and during make test I am getting the follwing error : kinit not ok 2 error was: could not get initial credentials: Cannot contact any KDC for requested realm we are stroring krb5.conf in diff location ( not in /etc/krb5.conf) , but, PERL is... (1 Reply)
Discussion started by: talashil
1 Replies

9. UNIX for Dummies Questions & Answers

Kerberos Utility Error Message

Hello All, I have below piece of code executing via shell script but for some reason even if the flag is set to KERBEROS_FLAG="N" It displays an message at the end of script execution. It should not call /usr/bin/kdestroy but looks like it is happening and this happens only for one application id... (4 Replies)
Discussion started by: Ariean
4 Replies

LEARN ABOUT OPENSOLARIS

kerberos

kerberos(5)						Standards, Environments, and Macros					       kerberos(5)

NAME

       kerberos - overview of Solaris Kerberos implementation

DESCRIPTION

       The  Solaris Kerberos implementation, hereafter sometimes shortened to "Kerberos," authenticates clients in a network environment, allowing
       for secure transactions. (A client may be a user or a network service.) Kerberos validates the identity of a client and the authenticity of
       transferred  data. Kerberos is a single-sign-on system, meaning that a user needs to provide a password only at the beginning of a session.
       The Solaris Kerberos implementation is based on the Kerberos(TM) system developed at MIT, and is compatible with Kerberos V5  systems  over
       heterogeneous networks.

       Kerberos  works	by  granting  clients  tickets,  which uniquely identify a client, and which have a finite lifetime. A client possessing a
       ticket is automatically validated for network services for which it is entitled; for example, a user  with  a  valid  Kerberos  ticket  may
       rlogin  into  another  machine running Kerberos without having to identify itself. Because each client has a unique ticket, its identity is
       guaranteed.

       To obtain tickets, a client must first initialize the Kerberos session, either by  using  the  kinit(1)	command  or  a	PAM  module.  (See
       pam_krb5(5)).  kinit  prompts for a password, and then communicates with a Key Distribution Center (KDC). The KDC returns a Ticket-Granting
       Ticket (TGT) and prompts for a confirmation password. If the client confirms the password, it can use the Ticket-Granting Ticket to  obtain
       tickets	for  specific network services. Because tickets are granted transparently, the user need not worry about their management. Current
       tickets may be viewed by using the klist(1) command.

       Tickets are valid according to the system policy set up at installation time. For example, tickets have a default lifetime for  which  they
       are  valid.  A policy may further dictate that privileged tickets, such as those belonging to root, have very short lifetimes. Policies may
       allow some defaults to be overruled; for example, a client may request a ticket with a lifetime greater or less than the default.

       Tickets can be renewed using kinit. Tickets are also forwardable, allowing you to use a ticket granted on one machine on a different  host.
       Tickets can be destroyed by using kdestroy(1). It is a good idea to include a call to kdestroy in your .logout file.

       Under Kerberos, a client is referred to as a principal. A principal takes the following form:

	 primary/instance@REALM

       primary	   A user, a host, or a service.

       instance    A  qualification  of  the  primary. If the primary is a host -- indicated by the keyword host-- then the instance is the fully-
		   qualified domain name of that host. If the primary is a user or service, then the instance is optional. Some instances, such as
		   admin or root, are privileged.

       realm	   The	Kerberos equivalent of a domain; in fact, in most cases the realm is directly mapped to a DNS domain name. Kerberos realms
		   are given in upper-case only. For examples of principal names, see the EXAMPLES.

       By taking advantage of the General Security Services API (GSS-API), Kerberos offers, besides user authentication, two other types of  secu-
       rity service: integrity, which authenticates the validity of transmitted data, and privacy, which encrypts transmitted data. Developers can
       take advantage of the GSS-API through the use of the RPCSEC_GSS API interface (see rpcsec_gss(3NSL)).

EXAMPLES

       Example 1 Examples of valid principal names

       The following are examples of valid principal names:

	      joe
	      joe/admin
	      joe@ENG.ACME.COM
	      joe/admin@ENG.ACME.COM
	      rlogin/bigmachine.eng.acme.com@ENG.ACME.COM
	      host/bigmachine.eng.acme.com@ENG.ACME.COM

       The first four cases are user principals. In the first two cases, it is assumed that the user joe is in the same realm as the client, so no
       realm  is  specified.  Note that joeand joe/admin are different principals, even if the same user uses them; joe/admin has different privi-
       leges from joe. The fifth case is a service principal, while the final case is a host principal. The word host is required for host princi-
       pals. With host principals, the instance is the fully qualified hostname. Note that the words admin and host are reserved keywords.

SEE ALSO

       kdestroy(1), kinit(1), klist(1), kpasswd(1), krb5.conf(4), krb5envvar(5)

       System Administration Guide: Security Services

NOTES

       In  previous releases of the Solaris operating system, the Solaris Kerberos implementation was referred to as the "Sun Enterprise Authenti-
       cation Mechanism" (SEAM).

       If you enter your username and kinit responds with this message:

	 Principal unknown (kerberos)

       you have not been registered as a Kerberos user. See your system administrator or the System Administration Guide: Security Services.

SunOS 5.11							    1 Oct 2008							       kerberos(5)
All times are GMT -4. The time now is 08:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy