| Date Of Receipt: 6-DEC-1994 18:25:30.43
From: FLAMBE::"anderson@decwet.zso.dec.D5NET.dec.com"
To: flambe::odehelp, flambe::admin
CC: bbi::sane
Subj: FWD: kerberos questions and request
Nitin,
The message is saying is could not find the /.k file.
Rich Larsen created one for you. You need to double check you
have it.
kpropd runs to get a new database (doesn't need the /.k file)
kerberos uses the databases for kinit (does need the /.k file).
I suspect that kpropd is running fine and you have a database.
Do you have a /var/dss/kerberos/dbase/dbase? I suspect that
kerberos is not running. Can you do a kinit to your local slave?
Since you are a slave, you should have your node first in the krb.conf,
otherwise there isn't any point for zk3 to push you a database.
To verify all is working, look at /var/dss/kerberos/log/kerberos.log and
/var/dss/kerberos/log/kpropd.log.
Tina
*************************************************************
Josh,
I have another kerberos problem. This one is unresolved for quite a long
time (since I was in New Jersey).
Following is the error message I get when system reboots (or when I run
/sbin/init.d/Kerberos start).
# ./Kerberos start
Starting kpropd
ERROR: No key file. With no key, the Kerberos daemon
will fail. After the first successful push of
a database to you, you need to do the following:
1\) create a Kerberos key:
/var/dss/kerberos/bin/kstash
2\) rerun this script to start Kerberos:
kerberos start
Starting kerberos
Kerberos server starting
Sleep forever on error
Log file is /var/dss/kerberos/log/kerberos.log
This indicates that kerberos server is not pushing database to me.
I had a /etc/krb.conf file as below :
ZONE
ZONE odie.unx.dec.com
ZONE rust.zso.dec.com
ZONE lastin.zk3.dec.com
ZONE merge.zk3.dec.com
ZONE merge.zk3.dec.com admin dummy
which I changed to this one following a mail (15-Sep) to that effect.
ZONE
ZONE flume.zk3.dec.com
ZONE alpha.zk3.dec.com
ZONE wasted.zk3.dec.com
ZONE flambe.zk3.dec.com
ZONE yield.zk3.dec.com admin dummy
Is it correct ???
Also, I need to create some principal names for my team members here in
India. Is it possible for me to do
it or do I have to request someone in ZK3 for that ??? (If so, whom)..
Please reply ASAP.
Thanks and regards.
- ------------------------------------------------------
P. B. (Nitin) Sane MailStop - BBI
Digital (India) Voice - 91-22-8370333
SEEPZ, Bombay. Fax - 91-22-8370011
India E-Mail - sane@bbi.dec.com
bbiv02::sane
- ------------------------------------------------------
------- End of Forwarded Message
-Grant
______________________________________________________________________
Grant Van Dyck enet: vandyck@zk3.dec.com
MS: ZKO3-3/W20 decnet: flambe::vandyck
USG Release Engineering (603) 881-2932
110 Spitbrook Road (DTN) 381-2932
Nashua, NH
|
| Date Of Receipt: 8-DEC-1994 12:23:05.13
From: FLAMBE::"anderson@decwet.zso.dec.D5NET.dec.com"
To: smtp@"sane@bbi.dec.com".zk3.dec.com
CC: flambe::odehelp, sysv::rll
Subj: kerberos questions and request
Nitan:
1) Yes, the ZK3/UNX folks are the ones to create Principal names for you team-
members.
2) I believe you are set up fine. You just need to get Rich Larsen to
log onto your machine again and run kstash (that is if you don't have
the /.k file) He can't give it to you, he needs to run kstash on
your machine.
The error message in the log you provided is telling you that it can't
find the /.k file.
Currently, kerberos.log file shows
kerberos: couldn't get master key.
|
|______ the "key" is the
/.k file that you need.
3) Your krb.conf should look like the below:
I believe you have a T1 link to zk3, so that
is where you should go if deil fails. I would
not put slugbt.zso in your krb.conf.
ZONE
ZONE deil.bbi.dec.com
ZONE kerberos1.zk3.dec.com
ZONE kerberos2.zk3.dec.com
ZONE kerberos3.zk3.dec.com
ZONE kerberos4.zk3.dec.com
ZONE kerberos.zk3.dec.com admin dummy
4) You do DO want alises for kerberos1, 2, 3, ,4. BIND should
resolve them for you.
|