kerberos - Cannot contact any KDC

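I don't understand Kerberos. I configured Kerberos by following a YouTube video, and then I got errors. I created the principals for the client from the KDC server.

But on the client, the root user shows: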

 [root@client ~]# kadmin
Authenticating as principal root/[email protected] with password.
Password for root/[email protected]: 
kadmin: Communication failure with server while initializing kadmin interface

[root@client ~]# kinit
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

For another user (client), it shows:

[client@client ~]$ kadmin
Couldn't open log file /var/log/kadmind.log: Permission denied
Authenticating as principal client/[email protected] with password.

kadmin: Client 'client/[email protected]' not found in Kerberos database while initializing kadmin interface

[client@client ~]$ kinit
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

Here is my principal list:

kadmin.local:  listprincs
K/[email protected]
[email protected]
[email protected]
[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kiprop/[email protected]
krbtgt/[email protected]
root/[email protected]
[email protected]
[email protected]
server/[email protected]
[email protected]
[email protected]

The KDC server's configuration file (/etc/krb5.conf):

includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
 default_realm = CSE.LOCAL
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 CSE.LOCAL = {
  kdc = server.cse.local
  admin_server = server.cse.local
 }

[domain_realm]
 .cse.local = CSE.LOCAL
 cse.local = CSE.LOCAL

/var/kerberos/krb5kdc/kdc.conf:

[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 CSE.LOCAL = {
  master_key_type = aes256-cts
  default_principal_flags = +preauth
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
 }

The client's /etc/krb5.conf configuration:

includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
 default_realm = CSE.LOCAL
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 CSE.LOCAL = {
  kdc = server.cse.local
  admin_server = server.cse.local
 }

[domain_realm]
 .cse.local = CSE.LOCAL
 cse.local = CSE.LOCAL

NTP is working fine.

Also, I added the Kerberos server and TCP and UDP port 88 on both sides. DNS is also working fine. What can I do now?
