您当前的位置: 最近涉及网络服务安全,需要配置kerberos遇到一个问题Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials!!!搜了很多,一直没有解决,如有牛人帮助解决,积分送上!在red hat 5中配置kerberos
krb.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[kdc]
profile = /usr/local/var/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
kdc.conf
[kdcdefaults]
acl_file = /usr/local/var/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab
v4_mode = nopreauth
[realms]
EXAMPLE.COM = {
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-
hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4
des-cbc-crc:afs3
}
hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.201 kerberos.example.com kerberos
防火墙关闭
and DNS设置如下
localhost.localdomain
192.168.0.1
把admin添加成数据库管理员
in kadmin.local
I got this:
kadmin.loal:listprincs
kadmin.local: listprincs
K/[email protected]
admin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
krbtgt/[email protected]
admin显示添加成功但是kinit的显示无法连接kdc
[root@localhost krb5kdc]# /usr/local/bin/kinit admin/admin
kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting
initial credentials
------解决方案--------------------
ip设置问题,搞成一样的,避免冲突,使用ifconfig查看,更改housts