Dan Million
2005-01-14 20:41:49 UTC
I've used Kerberos for a long time, but this is the first time I've
tried to create a KDC database from scratch using the instructions in
the Kerberos V5 Installation Guide.
I did a fairly vanilla build of r1.3.6 on AIX and installed it. From
section 4.1.1.4, "Create the Database":
# kdb5_util create -r MYREALM.ORNL.GOV -s
Program lacks support for key type while setting up enctype 0
Loading random data
Initializing database '/var/krb5/krb5kdc/principal' for realm
'MYREALM.ORNL.GOV',
master key name 'K/***@MYREALM.ORNL.GOV'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
create: Bad encryption type while transforming master key from password
It creates nothing. Seems like this ought to be a simple step. Any
thoughts on what I'm doing wrong? Below are my kdc.conf and krb5.conf.
kdc.conf:
[kdcdefaults]
kdc_ports = 88
[realms]
MYREALM.ORNL.GOV = {
acl_file = /var/krb5/krb5kdc/kadm5.acl
admin_keytab = /var/krb5/krb5kdc/kadm5.keytab
database_name = /var/krb5/krb5kdc/principal
kadmind_port = 749
kpasswd_port = 464
key_stash_file = /var/krb5/krb5kdc/.k5.MYREALM.ORNL.GOV
master_key_name = K/M
master_key_type = des3_cbc_sha1
max_life = 7d 0h 0m 0s
max_renewable_life = 7d 0h 0m 0s
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
kdc_supported_enctypes = des3-hmac-sha1:normal
des-cbc-crc:normal
}
krb5.conf:
[libdefaults]
default_realm = MYREALM.ORNL.GOV
default_keytab_name = /krb5/v5srvtab
ticket_lifetime = 2592000s
renew_lifetime = 2592000s
[realms]
MYREALM.ORNL.GOV = {
kdc = myhost.ornl.gov:88
admin_server = myhost.ornl.gov:749
}
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/log/krb5lib.log
tried to create a KDC database from scratch using the instructions in
the Kerberos V5 Installation Guide.
I did a fairly vanilla build of r1.3.6 on AIX and installed it. From
section 4.1.1.4, "Create the Database":
# kdb5_util create -r MYREALM.ORNL.GOV -s
Program lacks support for key type while setting up enctype 0
Loading random data
Initializing database '/var/krb5/krb5kdc/principal' for realm
'MYREALM.ORNL.GOV',
master key name 'K/***@MYREALM.ORNL.GOV'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
create: Bad encryption type while transforming master key from password
It creates nothing. Seems like this ought to be a simple step. Any
thoughts on what I'm doing wrong? Below are my kdc.conf and krb5.conf.
kdc.conf:
[kdcdefaults]
kdc_ports = 88
[realms]
MYREALM.ORNL.GOV = {
acl_file = /var/krb5/krb5kdc/kadm5.acl
admin_keytab = /var/krb5/krb5kdc/kadm5.keytab
database_name = /var/krb5/krb5kdc/principal
kadmind_port = 749
kpasswd_port = 464
key_stash_file = /var/krb5/krb5kdc/.k5.MYREALM.ORNL.GOV
master_key_name = K/M
master_key_type = des3_cbc_sha1
max_life = 7d 0h 0m 0s
max_renewable_life = 7d 0h 0m 0s
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
kdc_supported_enctypes = des3-hmac-sha1:normal
des-cbc-crc:normal
}
krb5.conf:
[libdefaults]
default_realm = MYREALM.ORNL.GOV
default_keytab_name = /krb5/v5srvtab
ticket_lifetime = 2592000s
renew_lifetime = 2592000s
[realms]
MYREALM.ORNL.GOV = {
kdc = myhost.ornl.gov:88
admin_server = myhost.ornl.gov:749
}
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/log/krb5lib.log