*BSD News Article 94112


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!news-peer.sprintlink.net!sprint!news-pull.sprintlink.net!news.sprintlink.net!news.wwa.com!news.ucdavis.edu!quadrophenia.ucdavis.edu!ccjason
From: ccjason@quadrophenia.ucdavis.edu (Jason Gabler)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: kerberos - help :)
Date: 21 Apr 1997 21:43:57 GMT
Organization: University of California, Davis
Lines: 53
Message-ID: <5jgn2t$b71$1@mark.ucdavis.edu>
References: <5j37h6$6n1@usenet88.supernews.com>
NNTP-Posting-Host: quadrophenia.ucdavis.edu
X-Newsreader: TIN [version 1.2 PL2]
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39496


: This is what I get:
: bash$ su
: su: kerberos: not in root's ACL.
: bash#

: I assume that I need to start the kerberos server, but I get this in 
: /var/log/kerberos.log:
: 16-Apr-97 14:49:57 kerberos: couldn't get master key.

kerberos isn't your problem.  try giving root a password with the
`passwd' program.  But you'll have to get the non kerberized
version to do this.

I run kerberos w/o a root principal.  Root is local.  To do this you
will need the regular, non-kerberized and the normal `passwd'
programs.  Call one `passwd' and the other `kpasswd'.  This will allow
people to change both passwords.  Of course you dont need that
scenario if you will have 100% kerberized access.  If that's the case,
you better read up on kerberos.  Go to
athena-dist.mit.edu:/pub/kerberos and grb some documentation.

: I was playing around and reading the man pages and saw that there is a
: kadmin utility so I tried adding a user with it, but I get:
: admin:  ank j
: kadm error for realm ATHENA.MIT.EDU: Could not find administrating host

: Now, I think that I need to delete the realm ATHENA.MIT.EDU and add 
: a realm for our server, but I can't figure it out. Are there any
: config files for kerberos or anything? Do I even have a clue about 
: kerberos? :) Anyone know how to remove kerberos so that su acts like
: it did in 2.1.7?

replace the appropriate programs, /bin/login, /usr/bin/rlogin, etc...
with the normal, non-kerberized versions.

: Thanks for your time,
: J

Also, you might want to consider using kerberos v5 instead of the v4
that comes with FreeBSD.  It compiles extrememly easily


--
Lehitra'ot!
 		jason 
  .,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,
 | "We've all heard that a million monkeys banging on a million typewriters |
 |  will eventually reproduce the entire works of Shakespeare.  Now, thanks |
 |  to the Internet, we know this is not true." - Robert Wilensky, ILP 1996 |
 |--------------------------------------------------------------------------|
 | Jason Gabler * Programmer/Analyst * Information Technology * U.C. Davis  |
 | 415 752 1969 ------ httpd://quadrophenia.ucdavis.edu ------ 916 752 9215 |
  `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'