Hi all, The Kerberos documentation "does not work". I do not know enough about Kerberos to say where, but the client is unable to use kinit to connect to the KDC server. Please see my report here: https://forums.freebsd.org/threads/error-setting-up-kerberos-server-kadm5_create_principal-unknown.72597/
Figured out the issue - it appears that we are missing the step 'kdb5_util create'.
Yes, that seems realistic outside of using heimdal, which I believe runs create for you? It's been about twenty years since I have used kerberos, but I assume the command "kdb5_util create" should be ran right before "kadmin" is ran to create the db file? This is probably not in the case of heimdal which does not provide a kdb5_util (if I recall correctly). I can add the step if you could please verify that is the placement of the command execution. Thank you!
It's pretty surprising that `kdb5_util create` helped your situation, since kdb5_util is an MIT krb5 utility but the rest of your procedures are using Heimdal krb5. The analogous step to `kdb5_util create` in the Heimdal ecosystem is the `init EXAMPLE.ORG` kadmin interactive command from Section 13.5.1 of the linked https://www.freebsd.org/doc/handbook/kerberos5.html
(In reply to Benjamin Kaduk from comment #3) Hi Benjamin, I thought the same thing when looking at the differences between the ports and, when it was noticed the kbr change fixed the problem, I assume the other, non-heimdal method was the settled on solution here. :) -- Tom
Is this (that is, the workaround using MIT Kerberos) still needed?