Please help me understand what I am doing.
Trying to connect via Kerberos:
kadmin -p root/admin
Password for root/admin@KRB5.COM:
kadmin: Incorrect password while initializing kadmin interface
In the log:
Mar 22 13:26:35 server1.com krb5kdc[4015](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) ::1: SERVER_NOT_FOUND: root/admin@KRB5.COM for kadmin/localhost@KRB5.COM, Server not found in Kerberos database
Mar 22 13:26:55 server1.com krb5kdc[4015](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) ::1: ISSUE: authtime 1553275615, etypes {rep=18 tkt=18 ses=18}, root/admin@KRB5.COM for kadmin/admin@KRB5.COM
But why? I have already created the host and the user, for example:
kadmin.local: addprinc -randkey server1.com/krb5.com
kadmin.local: ktadd server1.com/krb5.com
kadmin.local: addprinc root/admin
kadmin.local: ktadd root/admin
What am I missing?
The krb5.conf configuration:
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
default_realm = KRB5.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
KRB5.COM = {
kdc = server1.com
admin_server = server1.com
}
[domain_realm]
.krb5.com = KRB5.COM
krb5.com = KRB5.COM
kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
KRB5.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
kadmin.acl
*/admin@KRB5.COM *
P.S. The hostname is server1.com. P.S. Records for localhost / server1.com have been added to the hosts file.
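
Added example, not part of the original post: a small parser for the krb5kdc request lines quoted above that extracts the client and server principal of each request, lists the requests the KDC did not issue, and flags deprecated enctypes the client offered. The function names and the weak-enctype table are assumptions of this example; the sample input is the two log lines from the post.

```python
import re

# Sample input: the two krb5kdc log lines quoted in the post above.
SAMPLE_LOG = """\
Mar 22 13:26:35 server1.com krb5kdc[4015](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) ::1: SERVER_NOT_FOUND: root/admin@KRB5.COM for kadmin/localhost@KRB5.COM, Server not found in Kerberos database
Mar 22 13:26:55 server1.com krb5kdc[4015](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) ::1: ISSUE: authtime 1553275615, etypes {rep=18 tkt=18 ses=18}, root/admin@KRB5.COM for kadmin/admin@KRB5.COM
"""

# Enctype numbers deprecated by RFC 6649 (single DES) and RFC 8429 (3DES, RC4).
WEAK_ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
               16: "des3-cbc-sha1", 23: "arcfour-hmac"}

LINE_RE = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<req>AS_REQ|TGS_REQ) "
    r"\(\d+ etypes \{(?P<etypes>[\d ]*)\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): "
    r"(?:authtime (?P<authtime>\d+), etypes \{(?P<issued>[^}]*)\}, )?"
    r"(?P<client>\S+) for (?P<server>[^,\s]+)(?:, (?P<error>.*))?$"
)


def parse_kdc_log(text):
    """Return one dict per AS_REQ/TGS_REQ line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["etypes"] = [int(e) for e in rec["etypes"].split()]
        # Names of deprecated enctypes the client offered in this request.
        rec["weak_offered"] = sorted(
            WEAK_ETYPES[e] for e in rec["etypes"] if e in WEAK_ETYPES)
        records.append(rec)
    return records


def failed_requests(records):
    """(client, server, status) for every request the KDC did not ISSUE."""
    return [(r["client"], r["server"], r["status"])
            for r in records if r["status"] != "ISSUE"]


if __name__ == "__main__":
    for r in parse_kdc_log(SAMPLE_LOG):
        print(r["status"], r["client"], "->", r["server"],
              "weak offered:", r["weak_offered"])
```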