[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kpasswd failed to lookup password server from DNS SRV

To: heimdal-discuss@sics.se
Subject: Re: kpasswd failed to lookup password server from DNS SRV
From: John Mok <jmok@attglobal.net>
Date: Fri, 13 Jun 2008 13:13:33 +0800
In-Reply-To: <4E766B59-C6AC-4A41-A2E4-D005CDC38DAD@jpl.nasa.gov>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <4851C6D1.6060607@attglobal.net> <4E766B59-C6AC-4A41-A2E4-D005CDC38DAD@jpl.nasa.gov>
Reply-To: heimdal-discuss@sics.se, John Mok <jmok@attglobal.net>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)

Hi Henry,

Thanks for your reply.

It was a tpyo

@ bogus.example.com
_kerberos._udp IN SRV 1 0 88 kerberos.bogus.example.com
_kerberos._tcp IN SRV 1 0 88 kerberos.bogus.example.com
_kerberos-adm._tcp IN SRV 1 0 749 kerberos.bogus.example.com
_kpasswd._udp IN SRV 1 0 464 kerberos.bogus.example.com

I am using Heimdal 1.2. Since I could kinit the kerberos principal 
without setting the krb5.conf, I think the DNS discovery by SRV records 
is working fine. However, my problem is that I can change the password 
in kadmin but fail to change the password with kpasswd and the error 
message was  "kpasswd: krb5_set_password_using_ccache: unable to reach 
any changepw server in realm BOGUS.EXAMPLE.COM".

Is it a problem of DNS setting? or I have to add more SRV records in 
order to make it work?

Thanks a lot.

John Mok



Henry B. Hotz wrote:
> 
> On Jun 12, 2008, at 6:01 PM, John Mok wrote:
> 
>> Hi,
>>
>> I tried to setup Kerberos server with DNS discovery on Ubuntu 6.02.2 
>> LTS. The DNS SRV records for Kerberos discovery :-
>>
>> @ example.com
> 
> I think this should be @ bogus.example.com, unless that's a 
> transcription error.
> 
>> _kerberos._udp IN SRV 1 0 88 kerberos.bogus.example.com
>> _kerberos._tcp IN SRV 1 0 88 kerberos.bogus.example.com
>> _kerberos-adm._tcp IN SRV 1 0 749 kerberos.bogus.example.com
>> _kpasswd._udp IN SRV 1 0 464 kerberos.bogus.example.com
>>
>> I could dig the SRV records correctly, and I could kinit the kerberos 
>> principal on a remote host successfully. However, when I tried to 
>> change the password on the remote host, it failed and returned an 
>> error message  "kpasswd: krb5_set_password_using_ccache: unable to 
>> reach any changepw server in realm BOGUS.EXAMPLE.COM"
>>
>> I hope someone could advise if there is anything missing in my config?
>>
>> Thanks a lot.
>>
>> John Mok
>

Follow-Ups:
- Re: kpasswd failed to lookup password server from DNS SRV
  - From: Michael B Allen <miallen@ioplex.com>

References:
- kpasswd failed to lookup password server from DNS SRV
  - From: John Mok <jmok@attglobal.net>
- Re: kpasswd failed to lookup password server from DNS SRV
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Re: kpasswd failed to lookup password server from DNS SRV
Next by Date: Re: kpasswd failed to lookup password server from DNS SRV
Prev by thread: Re: kpasswd failed to lookup password server from DNS SRV
Next by thread: Re: kpasswd failed to lookup password server from DNS SRV
Index(es):
- Date
- Thread