Fixing Heimdal KDC setup

I was setting up Heimdal KDC following the guide here and made the silly mistake of not specifying the server correctly.

Code:
[libdefaults]
    default_realm = SIN.X
[realms]
    SIN.X = {
        kdc = kerberos.sin.x
        admin_server = kerberos.sin.x
    }
[domain_realm]
    .sin.x = SIN.X

Instead of:
Code:
[libdefaults]
    default_realm = SIN.X
[realms]
    SIN.X = {
        kdc = vanity.sin.x
        admin_server = vanity.sin.x
    }
[domain_realm]
    .sin.x = SIN.X

I have since corrected this, but I created users first and I am unsure of how to delete them and re-add them.

I have tried:
Code:
Vanity# kadmin -l
kadmin> add quinriva
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
quinriva@SIN.X's Password:
Verifying - quinriva@SIN.X's Password:
kadmin: kadm5_create_principal: Principal or policy already exists
kadmin: adding quinriva: Principal or policy already exists
kadmin> del principal quinriva
kadmin: del principal: Principal does not exist

If I try to initialise that user:
Code:
Vanity# kinit quinriva
quinriva@SIN.X's Password:
kinit: krb5_get_init_creds: KDC policy rejects request

But it works just fine with new users that I have created. Any ideas?
 
If you haven't changed your Kerberos realm, I would expect your configuration to work. Try to see what /var/heimdal/kdc.log says when this happens. Apart from that, I think that you have two options: 1) delete your Kerberos users by running del <principal_name> after running kadmin -l, 2) rebuild your database from scratch by removing your realm, initializing it again and starting to add new users.
 
Yep, deleting the principal worked. It's frustrating that the documentation isn't as clear as it could be: I thought the command was del principal <principal_name>
 