Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"We learn from history that we learn nothing from history." -- George Bernard Shaw

devel / comp.protocols.kerberos / kadmin not working after server migration, but kdc works

SubjectAuthor
o kadmin not working after server migration, but kdc worksWouter Verhelst

1
kadmin not working after server migration, but kdc works

<mailman.96.1663683571.8148.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=295&group=comp.protocols.kerberos#295

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: w...@uter.be (Wouter Verhelst)
Newsgroups: comp.protocols.kerberos
Subject: kadmin not working after server migration, but kdc works
Date: Tue, 20 Sep 2022 16:19:16 +0200
Organization: none
Lines: 26
Message-ID: <mailman.96.1663683571.8148.kerberos@mit.edu>
References: <YynL5A9eZog8XQNu@pc220518.home.grep.be>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="24038"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: kerberos@mit.edu
Authentication-Results: mit.edu;
dmarc=pass (p=none dis=none) header.from=uter.be
Authentication-Results: mit.edu; arc=pass smtp.remote-ip=18.7.73.15
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1663683568; cv=pass;
b=CSazle0vk1qOJIHgsDo1051abOZ+ZVXItiLvKfcqTZxSYiTjAYlLq8m4nxiDTJkUBcO/F744N+BPDUNVgRKgjDiMNlAJMbB2jaYs6WZSAeM7jjOAhP0/WfT+C4GTAZAUqDw4yhyTnejK/JzF2qdLNC8sFd7Df7ScparCmOb9i+L9oH1vl0mvZJoOupBIpgGNhWjyLiWOCro0mIm1KekmoX2QXbD/Re7yFUWGknctLbGOa2Hx7AY2DyzuXaznw5ZZ51r0CZwUuQ1nuSXf9ldHZOFuHZaDyReBnnhr8FKtqTIh30E/+IZ6Wbg6/m+FJQqy0sJ2BDtFKCbwIz77VSdeHg==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1663683568;
c=relaxed/relaxed; bh=e5F8X3bOD+VRD6OvY8BcxiuMTKvDvNxOSXyG+uaNeY4=;
h=DKIM-Signature:DKIM-Signature:Date:From:To:Subject:Message-ID:
MIME-Version;
b=kfyaEdfqU6xtfbWlIrrZ5C8ILhXQDCOOhVprUwekPw5UcsqkI15JRCuIIhcv5MNckF2StLMxsnQy2mAq4JA2kjhbqEZneSKusQSZbQEs68klvmscb/3dPXb0NxU62Qu7AtVEHnRtyeI9bXZjCMxUjSgB/iZUvUcEL4O/LPP0v+9H1K6QmsraV+UPlI4ZtmIAv6sM4e7SKE9xlrmJ8pOW5g1HIXvoREdI7s1NDRrITVSUOlxQoyFlDbq0Cw6msaXceZ5t7fGfU5tRtIWTr3nYZwmaqs2eIkEsoaIyjV7OveoVcu6pk1dlH1HChIt9WDUpvU55RQqQgw2uSs1OsyEAtg==
ARC-Authentication-Results: i=2; mit.edu; dkim=pass (1024-bit key)
header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com
header.b=gER2N9ig;
dkim=pass (2048-bit key) header.d=uter.be header.i=@uter.be header.b=NwuUx4im
Authentication-Results: mit.edu;
dkim=pass (1024-bit key) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.b=gER2N9ig;
dkim=pass (2048-bit key) header.d=uter.be header.i=@uter.be header.b=NwuUx4im
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=U6qFRP8wkTBqNwTEhhlFK1XhIWFYbINASIClH19TAMQOqfi3esMIAY6V/KT5T6mz/wN+DyBgweUAT421LvC7DD1U/5n5D4/y7JzS5GN2IdwFc30hchWfaPn7k2qkasZ6bq9rCi+zNAl3MGJOF90ihAOWflGLmefAWYD52IR+ASiGA3xzrRRGevOQxg8lr/Zl6YdMgLruRrGGRnF8wwAV4b469HI1FYKnxYfWQU1lcUvcQYdUhKiQg8y7TVG9td5ToUp4WVuu5WsyXGgYk4/VggOn1mp4PapgaNvd7TnJCpS9MwXT47I0u5IJekX5rb5EQskr4K3wGACx14XIziubhQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=e5F8X3bOD+VRD6OvY8BcxiuMTKvDvNxOSXyG+uaNeY4=;
b=UKZqxtYpAQxYQYSAMGfTWdFvMRS8Uafinv1jgnGk1oNCTQLxXrcczWpripplxjFztUHGMX3E715qD/64+AflCgMhrvX5+jAR3zb6M0mXAt+jERDtYFFr6ZSe2RAWIgKy6xC5TI8L5ESzXLnPJ64GF3hLo8LyIegwoPaB1mAcxPmWyjFjtbYxsieEHFMWF+spVld5cvad8Y9NgTnQy0CkR9lh7fgkOfhxaGX5CFIQDALYVQ3OWvn6xg0lBVg+vvEgsqZRAqujhveNUdFwMpR/x5gqEzzyTS8/gkutILTAfG5/0v0eQtg537o4l4VtpxhheDoIwvJbIAaCPo1ep0HpRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
144.76.219.42) smtp.rcpttodomain=mit.edu smtp.mailfrom=uter.be; dmarc=pass
(p=none sp=none pct=100) action=none header.from=uter.be; dkim=pass
(signature was verified) header.d=uter.be; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=e5F8X3bOD+VRD6OvY8BcxiuMTKvDvNxOSXyG+uaNeY4=;
b=gER2N9igUFOFAeYMKQFPgQzhkvRxZNWDUUgts+yzHic4vQIWQAzbJ5TFBIL2Xb0SPKIU+3dQSLk1UO+n/d+Ea17AN/2XyzuH1lwm5yfE8j2MYe6SNASPe/9oLTKa4nvZD4zZVT2JBEUgg8uWWDa4jitKqh4Za+3yTChmER+Jfi8=
Authentication-Results: spf=pass (sender IP is 144.76.219.42)
smtp.mailfrom=uter.be; dkim=pass (signature was verified)
header.d=uter.be;dmarc=pass action=none header.from=uter.be;
Received-SPF: Pass (protection.outlook.com: domain of uter.be designates
144.76.219.42 as permitted sender) receiver=protection.outlook.com;
client-ip=144.76.219.42; helo=lounge.grep.be; pr=C
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=uter.be;
s=2021.lounge; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date:
Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=e5F8X3bOD+VRD6OvY8BcxiuMTKvDvNxOSXyG+uaNeY4=; b=NwuUx4imt0r8ppeCHod9qEb7aQ
gQzmREyADkBNO5M58LLtXfsz8yrwpfliU7Ywuk2hfzXCDDt7T8OTUsJDjwRu71F1770nxiKJzbUS5
+8nlBmjH+5RWWZ54OrWF+LuD3TgXobBWk1xIEqaG8kOHDwo59R3eKDvlV1AxCTpFQMyg6e9b2JzPw
kwK0BuSOb/X03lIqJZVx5gda4dWS+fgoRwWVKVlJYBwAyuhePzZG7YvYFo14hhYEeHwi7/mYGGKoH
4QTFN3JQw4UHdFAAzqZMuJ69yBh8bB2XCfHlF5kFWQrJGKoZina9dP3oAp2hcs9G3jUsR+9RZaMFN
EA+u2TjQ==;
Content-Disposition: inline
X-Speed: Gates' Law: Every 18 months, the speed of software halves.
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL02EPF0000C406:EE_|SJ0PR01MB6495:EE_
X-MS-Office365-Filtering-Correlation-Id: 19341a51-f8d2-4b9e-c08e-08da9b131c7d
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: RtpAyYtTRRw7+sKs276Br+UXKEd6oil1gCv7XnQYSgm5gJ5Gt9YQJalf2TCMTGTanATT2LdgUbBdixV7rrWCL+BVezu4eKr7BJYrpT3MlbhM6gvuy2msKJX8exLMFg0tdp4gcx/q/f2gDcCEnf6GuuvluNhvA1yEa9MqiYoNztjB83rJUhFT5AqZAAWn+YslfaoE1d5pGcbxL8vpR4u1i7ND2dfrszQMFDIsr7IIWT0X03P6lc1oU/J4zp+JQ2c4nrH4HCdtG4SXUQywGyOxPCsTbd6m2lPK30bnLsM9RfPQo9XVxGQsrvtqVkdrGGlWe2qUgnNvJ7YRzcdFhxcO5KJ5zZ0JVoORwBWizBcZJI5udcXtvBqYq5WixwVHWrKSgc29XhHoPQvX6eIA6A4cEajAidafxISZGNSnBQzqiei8KKAuEkpldfs5/b4aGH8d6YQwQYVio810pUAAzqml/mQ/gyfc5+tA5IvsmUZEkySmIIQVjBdx3ajzI7L7drvLmeQ84f2tD6N5k6nChEuNLONGLY8WER+BI/52JZwwr8B1oN92AidOFdULe1XockcCq+MAxd/m7J73wLa7NtKQQo2AqRv7mx9zwq6Ovh08LkTGnuo99W9pDi2ZOOxz1D3Yget6ZTPuFETeAlm+CWxi39O3vBaaULJsYUpfYugz6V5WykRuy0gNRXpvbPD1MwjQhIsCC8mQciiXtz0ZYtimceJj6RxKPiyrWpM6XHotDeoiImB8M6U/gc1IWZzuo9wJFDO1tZSUiClVRl+vNzMesw==
X-Forefront-Antispam-Report: CIP:144.76.219.42; CTRY:DE; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:lounge.grep.be; PTR:lounge.grep.be; CAT:NONE;
SFS:(13230022)(4636009)(39860400002)(376002)(346002)(136003)(396003)(451199015)(36916002)(9686003)(26005)(70586007)(356005)(68406010)(5001810100001)(786003)(86362001)(7636003)(7596003)(336012)(83380400001)(426003)(8676002)(498600001)(2906002)(49246003)(316002)(4744005)(5660300002)(9786002)(9746002)(34206002)(88636004)(49092004);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Sep 2022 14:19:21.1033 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 19341a51-f8d2-4b9e-c08e-08da9b131c7d
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BL02EPF0000C406.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR01MB6495
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <YynL5A9eZog8XQNu@pc220518.home.grep.be>
 by: Wouter Verhelst - Tue, 20 Sep 2022 14:19 UTC

Hi,

A while ago, I migrated my personal server (containing a small Kerberos
realm) from my old (dedicated) server to a new one. When I decomissioned
the server, however, I forgot to check that kadmin was still working. It
turned out afterwards that it didn't.

I can log in to the server; "kinit" works just fine. However, kadmind
refuses to start, and when I run "kadmin.local", I get:

root@lounge ~ # kadmin.local
Authenticating as principal root/admin@GREP.BE with password.
kadmin.local: Required parameters in kdc.conf missing while initializing kadmin.local interface

....and I'm not sure how to fix this.

What did I do wrong? How can I debug this? How can I figure out which
parameters are missing?

Thanks for any insight,

--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

devel / comp.protocols.kerberos / kadmin not working after server migration, but kdc works

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor