[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kpasswdd configuration question

To: Love <lha@stacken.kth.se>
Subject: Re: kpasswdd configuration question
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Thu, 4 Mar 2004 01:49:34 -0800
Cc: heimdal-discuss@sics.se
In-Reply-To: <amznaxdx6v.fsf@nutcracker.stacken.kth.se>
References: <002501c40052$1f340e40$6501010a@C5043436><404489B4.12FD993A@anl.gov> <4044C857.30502@kzsdabas.sulinet.hu><4044E22B.3000405@kzsdabas.sulinet.hu><003701c40107$bdb39bc0$6501010a@C5043436> <4045DA5C.6D8FA58E@anl.gov><p05210602bc6bda284d48@[128.149.196.150]><am4qt5h93f.fsf@nutcracker.stacken.kth.se><p05210607bc6c22ed5b5e@[128.149.196.150]><amznaxdx6v.fsf@nutcracker.stacken.kth.se>
Sender: owner-heimdal-discuss@sics.se

At 5:59 AM +0100 3/4/04, Love wrote:
>"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
>
>>  I have an inetd.conf entry I cribbed from NetBSD on the Solaris 
>>machine, vis:
>>  kpasswd         dgram   udp             wait    root
>>  /usr/heimdal/libexec/kpasswdd   kpasswdd
>>  (ignore line wrap)
>>
>>  The man page is silent on the issue, but the web page notes say
>>  kpasswdd is not run from inetd.  Who's right?  NetBSD, or the web
>>  documentation, or does it depend?
>
>NetBSD kpasswdd is patched to allow running from inetd. this patch was
>never reintegratated in Heimdal. Heimdal requires you to run the the
>kpasswdd as a server process.

OK, that partially fixed the problem.  See below.

>  > The kpasswdd man page mentions a keytab, but it's not mentioned in the
>>  web docs.  Does the daemon need a keytab?  If so I presume it's the
>>  kadmin/changepw principal that needs to go in it?  (And where's the
>>  keytab on NetBSD since I'm sure I never created one there.)
>
>Yes, it for that reason. Default it reads the keytab from the "HDB:" keytab
>(ie the database itself).

Hmmm.  Translation problem, I think.

Do you mean:  Yes, you need a keytab.

or

Do you mean:  No, no keytab necessary, because it will read it from 
the main database.

>  >>Did kpasswdd log anything ?
>>
>>  I thought it was supposed to log the same default place as the kdc. I
>>  included that log.  Was there supposed to be more?
>
>Maybe, but I don't know where, it logs to the "kpasswd" log facility
>configuried in krb5.conf, or if its not, to syslog.
>
>Love

It's late, and I need to go.  But there is no info logged.  There is 
a default entry in the [logging] section, but I guess that's not 
used.  Nothing in /var/adm/messages, but maybe I can add something.

The SEAM kpasswd command now works, but the Heimdal one still gives 
the same error.  Probably should post the difference between the two 
krb5.conf files, but it's late.  More later.

Best guess is something to do with how 3des is handled at this point. 
I also have strange things with KfW getting two tgt's (a 1des and a 
3des) and wrong flags/expiration dates on them.  That's for a 
different list if it persists after fixing this problem.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: kpasswdd configuration question
  - From: Love <lha@stacken.kth.se>

References:
- Kerberos IF_RELEVANT/PAC structure question
  - From: "Ronnie Sahlberg" <ronnie_sahlberg@ozemail.com.au>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: Gémes Géza <geza@kzsdabas.sulinet.hu>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: Gémes Géza <geza@kzsdabas.sulinet.hu>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: "Ronnie Sahlberg" <ronnie_sahlberg@ozemail.com.au>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: "Douglas E. Engert" <deengert@anl.gov>
- kpasswdd configuration question
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: kpasswdd configuration question
  - From: Love <lha@stacken.kth.se>
- Re: kpasswdd configuration question
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: kpasswdd configuration question
  - From: Love <lha@stacken.kth.se>

Prev by Date: Re: kpasswdd configuration question
Next by Date: Re: kpasswdd configuration question
Prev by thread: Re: kpasswdd configuration question
Next by thread: Re: kpasswdd configuration question
Index(es):
- Date
- Thread