kinit 无法连接

tag-icon tag-icon kerberos apache-ds mitkerberos
kinit 无法连接

我正在尝试连接到在 ApacheDS 上运行的 Kerberos。这是我在 LDAP 上加载的初始 LDIF:

dn: ou=Users,dc=example,dc=com
ou: Users
description: Example.Com Users
objectClass: organizationalUnit

dn: uid=hnelson,ou=Users,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: krb5principal
objectClass: krb5kdcentry
cn: Horatio Nelson
sn: Nelson
uid: hnelson
userPassword: secret
krb5PrincipalName: [email protected]
krb5KeyVersionNumber: 0

然后我创建了以下 /etc/krb5.conf

[libdefaults]
  default_realm = EXAMPLE.COM
  default_tgs_enctypes = des-cbc-md5,des3-cbc-sha1-kd
  default_tkt_enctypes = des-cbc-md5,des3-cbc-sha1-kd
  dns_lookup_realm = false
  dns_lookup_kdc = false
  allow_weak_crypto = yes
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = yes  

[realms]
  EXAMPLE.COM = {
    kdc = localhost:60088
    admin_server = localhost:60088
  }

[domain_realm]
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM

现在,当运行 kinit 来获取 kerberos 票证时,似乎没有可用的服务来处理请求:

[francesco@localhost kerberos]$ kinit [email protected]
Password for [email protected]: 
kinit: A service is not available that is required to process the request while getting initial credentials

但是该服务正在端口 60088 上运行:

[francesco@localhost kerberos]$ netstat -an | grep 60088
tcp6       0      0 127.0.0.1:60088         :::*                    LISTEN

最后,这是我的 /etc/hosts 文件:

127.0.0.1  localhost
127.0.0.1       localhost.localdomain localhost

知道如何解决这个问题吗?谢谢

相关内容