Kerberos? Does anyone have this running?

Neal McBurnett neal at bcn.boulder.co.us
Thu Jan 10 19:30:13 UTC 2008 

My guess is that the server team mailing list, or #ubuntu-server
or #kerberos would be better places for this discussion.  But read on
- my comments are interspersed.

On Thu, Jan 10, 2008 at 06:17:56PM +0100, Magnus Runesson wrote:
> On Wed, 2008-01-09 at 08:59 -0700, Kevin Fries wrote:
> > I am trying to build a single signon environment as an Ubuntu demo.
> > 
> > I tried to follow the help.ubuntu.com website to insure I did it the
> > "proper" or "documented" way.  There are numerous threads of people
> > asking for help in the forums.  In addition, there are 15 bugs filed in
> > Launchpad.  Many of these are going back to 7.04.
> > 
> 
> Do you have the full links to the doc you refer to?

I second the question :-)   Makes it much easier for the many readers
of this thread.

> Regards,
> /Magnus
> 
> > Is there something going on with Kerberos as to why there is no help, or
> > bug fixes?  Is this package going the way of the Woolly Mammoth?  Or is
> > it just not getting enough TLC?  Or, is something else going on?

I don't know, but my guess is that most of the efforts are going into
improving interoperability with Active Directory rather than just
kerberos.  The major news on that front is "Likewise":

 likewise: http://www.linux-watch.com/news/NS2350659361.html

and the server team is working on getting that integrated for Hardy.

> > For the record, I tripped upon the problem documented in the forums, and
> > launchpad bug reports, where upon install it does not properly run its
> > full configuration.  It never asks me for realm or anything.  Once
> > blowing off its config, it then fails to start (yeah I know, go figure).
> > But manually setting up the configuration does not work either.  The
> > package keeps coming up with the error: "kadmind: Improper format of
> > Kerberos configuration file while initializing context, aborting".  As
> > suggested, my dnsdomainname returns correctly, and I have manually
> > configured the files in accordance with the documentation.  No errors
> > are thrown in the syslog.

I had a problem like that once, and think that it had to do with not
having a Fully Qualified Domain Name (FQDN) for my system in
/etc/hosts.  I seem to recall that the kerberos installation uses the
server's FQDN to make a default realm, and doesn't catch the error if
that doesn't exist.

Googling for your error string with the word "launchpad" added (which
helps google prioritize authoritative launchpad bugs over chat in the
forums) led me quickly to this:

 https://bugs.edge.launchpad.net/ubuntu/+source/krb5/+bug/159357

which gives more details on the root problem: dnsdomainname is not
finding the FQDN.  For me, a gutsy install in which I gave it my FQDN
at install time properly put my FQDN in the /etc/hosts file, but if
I just gave it a local name I ran into this kerberos problem.

This is the format of what worked for me in /etc/hosts:

127.0.1.1       example.com example

Cheers,

Neal McBurnett                 http://mcburnett.org/neal/

More information about the Ubuntu-devel-discuss mailing list