
confused about kadmin and kadmind



Hi all, I just started trying out Heimdal.

It's compiled and installed (Linux, 2.2.17 kernel, i686
arch).

I've set the realm to be the same as the DNS domain:

        -- /etc/krb5.conf --
        [libdefaults]
                default_realm = HPCC.UH.EDU
        [realms]
                HPCC.UH.EDU = {
                        kdc = limey.hpcc.uh.edu
                }
        [domain_realm]
                .hpcc.uh.edu = HPCC.UH.EDU

"limey.hpcc.uh.edu" is the server machine.

The kstash and kadmin init part appeared to work fine,
although where the documentation in

    http://www.pdc.kth.se/heimdal/heimdal.html

shows

    # ktutil list
    Version  Type             Principal
         1   des-cbc-md5      host/my.host.name@MY.REALM

I do not see the @MY.REALM part, just the hostname.


I start kdc on that machine with

        # /usr/heimdal/libexec/kdc --config-file=/etc/krb5.conf

and then I try out kadmind, but:

        # /usr/heimdal/libexec/kadmind --debug
        kadmind: socket: Invalid argument
        kadmind: bind: Address already in use

If I keep choosing a new port I get the first "Invalid
argument" message but it appears to run.

Any attempt to use kadmin (without -l) then produces

        $ kadmin
        kadmin> list tonyc                      (or whatever)
        kadmin: tonyc@HPCC.UH.EDU: Bad krb5 admin server hostname

Can anyone point me on the right path?  I could also do
with an example kadmind.acl file to look at, if someone
could be so kind: the documentation says

    If a glob-pattern is given on a line, it restricts the
    right for the principal to only apply for the subjects
    that match the pattern.

What is a "subject" in this context?  What exactly would I
be restricting?

thanks for any help
tony
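
The glob-pattern rule quoted from the documentation can be read as "admin principal, rights, optional pattern naming which principals those rights may touch". The following is an added example, not part of the original message and not Heimdal's own code: a small Python model of that rule. The principals helpdesk/admin, enroll/admin and alice are constructed, and both the component-by-component matching and the "any line for the admin may grant" evaluation are assumptions of this model rather than a statement of kadmind's exact behaviour.

```python
from fnmatch import fnmatchcase

# Constructed sample ACL, one entry per line: admin-principal  rights  [glob-pattern]
SAMPLE_ACL = """\
# full administrator: no pattern, so the rights apply to every subject
tonyc/admin@HPCC.UH.EDU     all
# help desk: may only look up and reset ordinary (single-component) principals
helpdesk/admin@HPCC.UH.EDU  cpw,get     *@HPCC.UH.EDU
# host enrolment: may only create and inspect host/ principals
enroll/admin@HPCC.UH.EDU    add,get     host/*@HPCC.UH.EDU
"""

ALIASES = {"change-password": "cpw"}  # long and short spelling of one right

def split_principal(name):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM'); the realm must be present."""
    comps, _, realm = name.rpartition("@")
    return comps.split("/"), realm

def subject_matches(pattern, subject):
    """Model assumption: globs apply per component, so '*' never spans a '/'."""
    p_comps, p_realm = split_principal(pattern)
    s_comps, s_realm = split_principal(subject)
    if len(p_comps) != len(s_comps) or not fnmatchcase(s_realm, p_realm):
        return False
    return all(fnmatchcase(s, p) for s, p in zip(s_comps, p_comps))

def parse_acl(text):
    """Return a list of (admin, set_of_rights, pattern_or_None) entries."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or entry without rights
        rights = {ALIASES.get(r, r) for r in fields[1].split(",")}
        pattern = fields[2] if len(fields) > 2 else None
        entries.append((fields[0], rights, pattern))
    return entries

def allowed(entries, admin, right, subject):
    """True if some entry for admin carries the right and covers the subject."""
    right = ALIASES.get(right, right)
    for who, rights, pattern in entries:
        if who != admin or not (rights & {right, "all"}):
            continue
        if pattern is None or subject_matches(pattern, subject):
            return True
    return False

ACL = parse_acl(SAMPLE_ACL)
```

In this model the "subject" is the principal an operation acts on: helpdesk/admin can change the password of alice@HPCC.UH.EDU but not of tonyc/admin@HPCC.UH.EDU, because the pattern `*@HPCC.UH.EDU` only covers single-component names.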