SCIENTIFIC-LINUX-USERS Archives

January 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Alex Finch <[log in to unmask]>
Reply To:
Alex Finch <[log in to unmask]>
Date:
Fri, 6 Jan 2006 16:18:13 +0000
  Does anyone have an idea why kinit does not work on SL 4.2 but does on 3.0.3? On 4.2 it just hangs, and adding -V gives no output.


I have the same configuration file in /etc/krb5.conf on both machines, which I append here. I got it from a D0 colleague and it has worked OK for a few years.


# krb5conf v1_5 with afs on node d-002577dcg.dhcp.fnal.gov automatic update 31Aug2001
###
### This krb5.conf template is intended for use with Fermi
### Kerberos v1_2 and later.  Earlier versions may choke on the
### "auth_to_local = " lines unless they are commented out.
### The installation process should do all the right things in
### any case, but if you are reading this and haven't updated
### your kerberos product to v1_2 or later, you really should!
###
# Library-wide defaults applied to every Kerberos client program on this host.
[libdefaults]
# No unit suffix is given; confirm how this Kerberos build interprets a bare number.
	ticket_lifetime = 1560
# Realm assumed when a principal is given without an explicit @REALM.
	default_realm = FNAL.GOV
# NOTE(review): presumably checksum type 1 (CRC32 in the Kerberos numbering), which is
# not collision-resistant - confirm whether this key is still honoured by the library.
	checksum_type = 1
# Old credential-cache file format, normally set only for compatibility with old software.
	ccache_type = 2
# SECURITY: both lists permit only des-cbc-crc (single DES). Single DES is deprecated
# by RFC 6649 and has been dropped from current MIT krb5 releases, so a client or KDC
# that refuses it will not be able to negotiate a ticket with these settings. Any change
# here must match the enctypes the realm's KDCs actually issue.
	default_tgs_enctypes = des-cbc-crc
	default_tkt_enctypes = des-cbc-crc

# Per-realm KDC and admin-server locations. Each "kdc" line names one KDC on port 88;
# a client that cannot reach any listed KDC cannot obtain tickets for that realm.
[realms]
	PILOT.FNAL.GOV = {
		kdc = krb-pilot-1.fnal.gov:88
		kdc = krb-pilot-3.fnal.gov:88
		kdc = krb-pilot-4.fnal.gov:88
		kdc = krb-pilot-5.fnal.gov:88
		admin_server = krb-pilot-admin.fnal.gov
		default_domain = fnal.gov
# Disabled cross-realm mapping rule. Its tail was mangled by the list archive's address
# masking, so it must not be re-enabled from this copy. A rule of this kind maps
# principals from another realm onto local account names, which widens who can log in
# as a local user - review before enabling.
#		auth_to_local = RULE:[1:$1@$0](.*@FNAL\.GOV)[log in to unmask]*//
# DEFAULT maps a principal to a local user name only when it is in the default realm.
		auth_to_local = DEFAULT
	}
	FNAL.GOV = {
		kdc = krb-fnal-1.fnal.gov:88
		kdc = krb-fnal-2.fnal.gov:88
		kdc = krb-fnal-3.fnal.gov:88
		kdc = krb-fnal-4.fnal.gov:88
		kdc = krb-fnal-5.fnal.gov:88
		kdc = krb-fnal-6.fnal.gov:88
		admin_server = krb-fnal-admin.fnal.gov
		default_domain = fnal.gov
# Disabled cross-realm mapping rule; text mangled by the archive (see the masked span).
#		auth_to_local = RULE:[1:$1@$0](.*@PILOT\.FNAL\.GOV)[log in to unmask]*//
		auth_to_local = DEFAULT
	}
# Single KDC, which is also the admin server; no auth_to_local entry is given here.
	WIN.FNAL.GOV = {
		kdc = newpckits.fnal.gov:88
		admin_server = newpckits.fnal.gov
		default_domain = fnal.gov
	}

# NOTE(review): this does not look like a standard krb5.conf section; it appears to be
# site-specific. Presumably it maps the cron/* and cms/* principal instances to an empty
# instance for AFS - confirm against the site's Kerberos/AFS tooling.
[instancemapping]
	afs = {
		cron/* = ""
		cms/* = ""
	}

# Host/domain to realm mapping; a leading dot matches every host in that domain.
# These entries decide which realm's KDC is asked for (and trusted to issue) service
# tickets for a host, so stale or overly broad entries should be pruned.
[domain_realm]
	.minos-soudan.org = FNAL.GOV
# Same node name as in the file's header comment (the host the template was generated on).
	d-002577dcg.dhcp.fnal.gov = FNAL.GOV
	fsus01.fnal.gov = FNAL.GOV
	fsus03.fnal.gov = FNAL.GOV
	fsus04.fnal.gov = FNAL.GOV
# NOTE(review): single host outside fnal.gov mapped to FNAL.GOV - looks like a leftover
# from the originating machine; confirm it is still wanted.
	c243580-a.wheaton1.il.home.com = FNAL.GOV

# The whole "top half" is replaced during "ups installAsRoot krb5conf", so:
# It would probably be a bad idea to change anything on or above this line

# If you need to add any .domains or hosts, put them here
# NOTE(review): [domain_realm] already appears earlier in this file. Whether two stanzas
# with the same name are merged depends on the profile parser in use - confirm that both
# sets of mappings take effect on each OS release.
[domain_realm]
	.ts.infn.it = PILOT.FNAL.GOV
	.pi.infn.it = PILOT.FNAL.GOV
	.physics.lsa.umich.edu = PILOT.FNAL.GOV
	.phys.ttu.edu = PILOT.FNAL.GOV

# Send Kerberos log messages to syslog at severity ERR, facility AUTH.
[logging]
	default = SYSLOG:ERR:AUTH

# Per-application defaults. The top-level keys apply to every application; a named
# stanza below overrides them for that application only.
[appdefaults]
	default_lifetime = 7d
	retain_ccache = false
	autologin = true
# SECURITY: credentials are forwarded to the remote host by default. A forwarded ticket
# can be used by anyone who controls that host, so forward only to trusted machines.
	forward = true
	forwardable = true
	renewable = true
	encrypt = true
# Path of the aklog binary; presumably run to obtain AFS tokens where krb5_run_aklog is set.
	krb5_aklog_path = /usr/krb5/bin/aklog

# Empty stanza: telnet uses the top-level defaults unchanged.
	telnet = {
	}

# SECURITY: rcp turns off forwarding and encryption. allow_fallback presumably lets the
# client fall back to the non-Kerberos protocol when Kerberos authentication fails, which
# would give up both authentication and confidentiality - confirm and prefer false.
	rcp = {
		forward = false
		encrypt = false
		allow_fallback = true
	}

# SECURITY: same allow_fallback concern as rcp above.
	rsh = {
		allow_fallback = true
	}

	rlogin = {
		allow_fallback = false
	}


# Kerberos 4 ticket acquisition and conversion are disabled for login.
	login = {
		forwardable = true
		krb5_run_aklog = true
		krb5_get_tickets = true
		krb4_get_tickets = false
		krb4_convert = false
	}

	kinit = {
		forwardable = true
		krb5_run_aklog = true
	}

	rshd = {
		krb5_run_aklog = true
	}

# ftpd overrides the 7d default lifetime with 6h.
	ftpd = {
		krb5_run_aklog = true
		default_lifetime = 6h
	}

# Presumably read by the pam_krb5 module - confirm which PAM module consumes this stanza.
[pam]
  debug = false
# No unit suffix on either lifetime; confirm how the consuming module interprets them.
  ticket_lifetime = 100000
  renew_lifetime = 100000
  forwardable = true
# SECURITY: Kerberos 4 is obsolete. This enables krb4 conversion for PAM logins while the
# [appdefaults] login stanza sets krb4_convert = false - reconcile the two, preferring false.
  krb4_convert = true
  afs_cells = fnal.gov
