FreeBSD 12.2 incompatibility with Linux-based Kerberos?

Hi,

I'm having a bit of a weird Kerberos problem.

Currently I manage a large Linux-based environment, with Kerberos KDCs hosted on Debian 10.

I have zero problems with this in Linux, absolutely none, it all works perfectly.

However now I am trying to connect two FreeBSD clients to the KDCs.

On Linux I would normally run commands such as:
kadmin -p foobar/admin -q "addprinc -randkey nfs/host.example.com" -k -t /foobar/krb5.keytab
However, I appreciate FreeBSD is Heimdal based, so I adapted the command to the relevant syntax:
kadmin -p foobar/admin -K /foobar/krb5.keytab add -r nfs/host.example.com
Of course, the user keytab is present, and of course I have /etc/krb5.conf present (I just use the same one that works perfectly on Linux clients):
Code:
[libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 10h
    renew_lifetime = 7d
    forwardable = false
    rdns = false
    default_realm = FOOBAR.CORP
    dns_lookup_kdc = true
    default_ccache_name = FILE:/tmp/krb5cc_%{uid} # possibly try KEYRING:persistent:%{uid} here...
[realms]
    FOOBAR.CORP = {
        admin_server = kerberos.foobar.corp
    }
[logging]
    default = SYSLOG:NOTICE:DAEMON

I have tried adding a [domain_realm] section to the krb5.conf but that has no effect.

However, what happens is kadmin on FreeBSD just hangs. Nothing happens, it just hangs. I eventually have to kill it because I can't even Ctrl-C out. Nothing is logged on the KDCs or in the FreeBSD logs.
 
There are implementation differences between MIT Kerberos and Heimdal. You cannot use the Heimdal kadmin to administer MIT Kerberos and vice versa.
 