*BSD News Article 93715


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.maxwell.syr.edu!supernews.com!www.bitstorm.net!j
From: J Rowley <j@www.bitstorm.net>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: kerberos - help :)
Date: 16 Apr 1997 18:58:46 GMT
Organization: All USENET -- http://www.Supernews.com
Lines: 28
Message-ID: <5j37h6$6n1@usenet88.supernews.com>
NNTP-Posting-Host: ns2.bitstorm.net
X-Newsreader: TIN [UNIX 1.3 unoff BETA 970309; i386 FreeBSD 2.1.5-RELEASE]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39181



I just installed 2.2.1 onto a new server here and I installed kerberos.
Now that I've done this, anyone in the wheel group can su to root without
a passwd. Oops :) 

This is what I get:
bash$ su
su: kerberos: not in root's ACL.
bash#

I assume that I need to start the kerberos server, but I get this in 
/var/log/kerberos.log:
16-Apr-97 14:49:57 kerberos: couldn't get master key.

I was playing around and reading the man pages and saw that there is a
kadmin utility so I tried adding a user with it, but I get:
admin:  ank j
kadm error for realm ATHENA.MIT.EDU: Could not find administrating host

Now, I think that I need to delete the realm ATHENA.MIT.EDU and add 
a realm for our server, but I can't figure it out. Are there any
config files for kerberos or anything? Do I even have a clue about 
kerberos? :) Anyone know how to remove kerberos so that su acts like
it did in 2.1.7?

Thanks for your time,
J