marks@Eng.Sun.COM (Mark Stein) (07/25/90)
Hi there,
I am trying to get kadmind and related stuff working and keep getting
the error "Can't find Kerberos ticket or TGT" whenever a request is
sent to kadmind. Here's the details:
kadmin:
% kadmin
Welcome to the Kerberos Administration Program, version 2
Type "help" if you need it.
admin: get marks
Admin password:
kadm error: Can't find Kerberos ticket or TGT
admin: quit
Cleaning up and exiting.
/etc/srvtab on the machine running kadmind has (among others) the following
keys in it:
Service Instance Realm Key Version
------------------------------------------------------
changepw kadmin-host ENG.SUN.COM 3
changepw kerberos ENG.SUN.COM 1
The ticket obtained by kadmin is:
Ticket file: /tmp/tkt_adm_882
Principal: marks.admin@ENG.SUN.COM
Issued Expires Principal
Jul 25 08:58:17 Jul 25 16:58:17 changepw.kerberos@ENG.SUN.COM
The three ACL files /kerberos/admin_acl.{add,get,mod} each contain the
following line:
marks.admin@ENG.SUN.COM
Occasionally (not on every request) the kadmind log file generates
a line such as this:
25-Jul-90 09:10:00 child 899 not in list: termsig 0,coredump 0,retcode 0
When the server shuts down, I get this:
25-Jul-90 09:14:22 killing child 899
Does anyone recognize these symptoms and/or have suggestions on how to
proceed? Many thanks.
--Mark <marks@eng.sun.com>marks@Eng.Sun.COM (Mark Stein) (07/26/90)
I found the kadmin problem. It turns out that there are many assumptions in the admin code to the effect that KRB_MASTER (defined in krb.h) and KADM_SINST (defined in kadm.h) are the same. When I defined KADM_SINST to be the same as KRB_MASTER, everything works ok. Someone who sets KRB_MASTER to a fully qualified domain hostname will probably have difficulties. I believe the correct fix is that the places using KRB_MASTER as a changepw instance should be KADM_SINST instead. --Mark