Daniel Savard wrote:

>I am trying to implement Kerberos authentication for Coda. I created a
>test user in Coda with pdbtool and the same user exists in Kerberos. I
>checked Kerberos authentication with kinit and it is working fine. While
>trying to clog I am getting the following messages:
>
>username: myuser_at_somehost.mycorp.ca
>krb5.c: Server not found in Kerberos database while preparing AP_REQ
>Password for myuser_at_MYCORP.CA:
>krb5.c: Server not found in Kerberos database while preparing AP_REQ
>Failed to get secret for somehost.mycorp.ca
>Invalid login (RPC2_FAIL (F)).
>
>MYCORP.CA is the Kerberos realm and somehost.mycorp.ca is the Coda
>realm.
>
>In my venus.conf I have the following lines:
>
>realm="somehost.mycorp.ca"
>kerberos5service="host/%s"
>kerberos5realm=MYCORP.CA
>kerberos5kinit="kinit"
>
>What am I missing?
>
>TIA
>
>Daniel

You are missing setting up the keytab file for the coda service, in case you already have the principal host/<SCM name in capital>@MYCORP.CA, which is a principal for the coda service. It is better to use "coda" instead of "host" as the primary name, because the name may clash with the name of the rsh/telnet service.

Adding a service principal to the Kerberos database is done with kadmin and the command addprinc -randkey <principal name> (you will never need its key/password, so making it at random is OK). After the principal is added to the Kerberos database, you should call kadmin from the SCM machine and transfer the service key to the local keytab file (/etc/krb5.keytab on the SCM). This is done with the command ktadd <service principal name>. I suppose you have MIT Kerberos.

Coda should be working now. Good luck!

Received on 2005-03-18 09:25:42
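An added example, not part of the original messages or of Coda: once the addprinc and ktadd steps from the reply are done, this offline check confirms that the service name the client derives from venus.conf matches a key in the SCM keytab. It assumes that `%s` in `kerberos5service` is replaced by the server host name and that the client would be switched to `coda/%s` if the "coda" primary is used; the keytab listing is constructed sample data.

```shell
#!/bin/sh
# Added example: which service principal does the client ask for, and does a
# keytab listing hold it? All sample data below is constructed.

# service_principal TEMPLATE HOST REALM
# Assumption: "%s" in kerberos5service is replaced by the server host name.
service_principal() {
    printf '%s@%s\n' "$(printf '%s' "$1" | sed "s|%s|$2|")" "$3"
}

# keytab_has PRINCIPAL
# Reads `klist -k` output on stdin; succeeds only on an exact principal match.
keytab_has() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# diagnose TEMPLATE HOST REALM   (klist -k output on stdin)
# Prints "ok <principal>" or "missing <principal>".
diagnose() {
    princ=$(service_principal "$1" "$2" "$3")
    if keytab_has "$princ"; then
        echo "ok $princ"
    else
        echo "missing $princ"
    fi
}

# Constructed `klist -k /etc/krb5.keytab` output for an SCM whose keytab holds
# only a coda/ key, as after "ktadd coda/somehost.mycorp.ca".
SAMPLE_KEYTAB='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------------------------------------------
   2 coda/somehost.mycorp.ca@MYCORP.CA'

# The venus.conf in the question asks for host/%s: no such key in this keytab.
printf '%s\n' "$SAMPLE_KEYTAB" | diagnose 'host/%s' somehost.mycorp.ca MYCORP.CA
# Hypothetical kerberos5service="coda/%s": client and keytab agree.
printf '%s\n' "$SAMPLE_KEYTAB" | diagnose 'coda/%s' somehost.mycorp.ca MYCORP.CA
```

On a real SCM, pipe `klist -k /etc/krb5.keytab` into `diagnose` in place of the sample listing.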