SCIENTIFIC-LINUX-USERS Archives

January 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Fri, 6 Jan 2006 11:00:16 -0600
There are two possibilities that I see; there may be others.

First - You have the firewall turned on enough that it isn't working with
Kerberos.  But to be honest, I thought that in S.L. 4.x the firewall was
working well enough that that isn't a problem.
Or, there might be a firewall somewhere between you and the Fermilab KDCs.

Second - You have Java's kinit in your path somewhere.  Do a
   which kinit
to see which one you are really using.

Troy

Alex Finch wrote:
> Does anyone have an idea why kinit does not work on SL 4.2 but does
> on 3.0.3? On 4.2 it just hangs, putting -V gives no output.
> 
> 
> I have the same configuration file in /etc/krb5.conf on both machines 
> which I append here. I got it from a D0 colleague and it has worked ok 
> for a few years.
> 
> 
> # krb5conf v1_5 with afs on node d-002577dcg.dhcp.fnal.gov automatic update 31Aug2001
> ###
> ### This krb5.conf template is intended for use with Fermi
> ### Kerberos v1_2 and later.  Earlier versions may choke on the
> ### "auth_to_local = " lines unless they are commented out.
> ### The installation process should do all the right things in
> ### any case, but if you are reading this and haven't updated
> ### your kerberos product to v1_2 or later, you really should!
> ###
> [libdefaults]
>     ticket_lifetime = 1560
>     default_realm = FNAL.GOV
>     checksum_type = 1
>     ccache_type = 2
>     default_tgs_enctypes = des-cbc-crc
>     default_tkt_enctypes = des-cbc-crc
> 
> [realms]
>     PILOT.FNAL.GOV = {
>         kdc = krb-pilot-1.fnal.gov:88
>         kdc = krb-pilot-3.fnal.gov:88
>         kdc = krb-pilot-4.fnal.gov:88
>         kdc = krb-pilot-5.fnal.gov:88
>         admin_server = krb-pilot-admin.fnal.gov
>         default_domain = fnal.gov
> #        auth_to_local = RULE:[1:$1@$0](.*@FNAL\.GOV)[log in to unmask]*//
>         auth_to_local = DEFAULT
>     }
>     FNAL.GOV = {
>         kdc = krb-fnal-1.fnal.gov:88
>         kdc = krb-fnal-2.fnal.gov:88
>         kdc = krb-fnal-3.fnal.gov:88
>         kdc = krb-fnal-4.fnal.gov:88
>         kdc = krb-fnal-5.fnal.gov:88
>         kdc = krb-fnal-6.fnal.gov:88
>         admin_server = krb-fnal-admin.fnal.gov
>         default_domain = fnal.gov
> #        auth_to_local = RULE:[1:$1@$0](.*@PILOT\.FNAL\.GOV)[log in to unmask]*//
>         auth_to_local = DEFAULT
>     }
>     WIN.FNAL.GOV = {
>         kdc = newpckits.fnal.gov:88
>         admin_server = newpckits.fnal.gov
>         default_domain = fnal.gov
>     }
> 
> [instancemapping]
>     afs = {
>         cron/* = ""
>         cms/* = ""
>     }
> 
> [domain_realm]
>     .minos-soudan.org = FNAL.GOV
>     d-002577dcg.dhcp.fnal.gov = FNAL.GOV
>     fsus01.fnal.gov = FNAL.GOV
>     fsus03.fnal.gov = FNAL.GOV
>     fsus04.fnal.gov = FNAL.GOV
>     c243580-a.wheaton1.il.home.com = FNAL.GOV
> 
> # The whole "top half" is replaced during "ups installAsRoot krb5conf", so:
> # It would probably be a bad idea to change anything on or above this line
> 
> # If you need to add any .domains or hosts, put them here
> [domain_realm]
>     .ts.infn.it = PILOT.FNAL.GOV
>     .pi.infn.it = PILOT.FNAL.GOV
>     .physics.lsa.umich.edu = PILOT.FNAL.GOV
>     .phys.ttu.edu = PILOT.FNAL.GOV
> 
> [logging]
>     default = SYSLOG:ERR:AUTH
> 
> [appdefaults]
>     default_lifetime = 7d
>     retain_ccache = false
>     autologin = true
>     forward = true
>     forwardable = true
>     renewable = true
>     encrypt = true
>     krb5_aklog_path = /usr/krb5/bin/aklog
> 
>     telnet = {
>     }
> 
>     rcp = {
>         forward = false
>         encrypt = false
>         allow_fallback = true
>     }
> 
>     rsh = {
>         allow_fallback = true
>     }
> 
>     rlogin = {
>         allow_fallback = false
>     }
> 
> 
>     login = {
>         forwardable = true
>         krb5_run_aklog = true
>         krb5_get_tickets = true
>         krb4_get_tickets = false
>         krb4_convert = false
>     }
> 
>     kinit = {
>         forwardable = true
>         krb5_run_aklog = true
>     }
> 
>     rshd = {
>         krb5_run_aklog = true
>     }
> 
>     ftpd = {
>         krb5_run_aklog = true
>         default_lifetime = 6h
>     }
> 
> [pam]
>  debug = false
>  ticket_lifetime = 100000
>  renew_lifetime = 100000
>  forwardable = true
>  krb4_convert = true
>  afs_cells = fnal.gov


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/CSS  CSI Group
__________________________________________________
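
The two checks suggested in the reply above, as an added shell example that is not part of the original thread: it lists every kinit on the PATH in lookup order, flags one that resolves into a Java directory, and extracts the KDC host:port entries for the default realm from /etc/krb5.conf so you know what a firewall has to let through. The function names and the Java-path heuristic are assumptions made for this example.

```shell
# Added example, not from the thread. Function names are hypothetical.

# Every kinit on a PATH-style string ($1, default $PATH), in lookup order.
# The first line printed is the binary the shell would actually run.
list_kinits() {
    old_ifs=$IFS; IFS=:
    for dir in ${1:-$PATH}; do
        if [ -f "${dir:-.}/kinit" ] && [ -x "${dir:-.}/kinit" ]; then
            printf '%s\n' "${dir:-.}/kinit"
        fi
    done
    IFS=$old_ifs
}

# Heuristic (assumption): a kinit whose resolved path lies in a Java tree
# is the JDK's kinit, not the system Kerberos one.
is_java_kinit() {
    case $(readlink -f "$1") in
        */java/*|*/jre/*|*/jdk*|*/jvm/*) return 0 ;;
        *) return 1 ;;
    esac
}

# default_realm setting of the krb5.conf given as $1.
default_realm() { awk '$1 == "default_realm" && $2 == "=" { print $3; exit }' "$1"; }

# kdc entries (host:port) for realm $2 in the [realms] section of file $1.
kdcs_for_realm() {
    awk -v realm="$2" '
        /^[ \t]*#/ { next }
        /^\[/      { in_realms = ($1 == "[realms]"); in_block = 0; next }
        in_realms && $1 == realm && $3 == "{" { in_block = 1; next }
        in_block && $1 == "}"   { in_block = 0 }
        in_block && $1 == "kdc" { print $3 }
    ' "$1"
}

# Report for this machine; silent if there is no kinit or no config file.
conf=/etc/krb5.conf
first=$(list_kinits | head -n 1)
if [ -n "$first" ]; then
    echo "kinit in use: $first"
    if is_java_kinit "$first"; then echo "  WARNING: this looks like Java's kinit"; fi
fi
if [ -r "$conf" ]; then
    echo "KDCs that must be reachable (check firewalls on the way):"
    kdcs_for_realm "$conf" "$(default_realm "$conf")"
fi
```
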
