Bug 241683 - FreeBSD Handbook: Kerberos documentation lacks essential detail
Summary: FreeBSD Handbook: Kerberos documentation lacks essential detail
Status: Open
Alias: None
Product: Documentation
Classification: Unclassified
Component: Books & Articles (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-doc (Nobody)
URL: https://docs.freebsd.org/en/books/han...
Keywords: needs-patch
Depends on:
Blocks: handbook-2022
  Show dependency treegraph
 
Reported: 2019-11-03 03:51 UTC by Farhan Khan
Modified: 2022-12-30 03:38 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Farhan Khan 2019-11-03 03:51:58 UTC
Hi all,
The Kerberos documentation "does not work". I do not know enough about Kerberos to say where, but the client is unable to use kinit to connect to the KDC server. Please see my report here: https://forums.freebsd.org/threads/error-setting-up-kerberos-server-kadm5_create_principal-unknown.72597/
Comment 1 Farhan Khan 2019-11-03 05:09:59 UTC
Figured out the issue - it appears that we are missing the step 'kdb5_util create'.
Comment 2 Tom Rhodes freebsd_committer freebsd_triage 2020-09-06 20:46:43 UTC
Yes, that seems realistic outside of using heimdal, which I believe runs create for you? It's been about twenty years since I have used kerberos, but I assume the command "kdb5_util create" should be ran right before "kadmin" is ran to create the db file? This is probably not in the case of heimdal which does not provide a kdb5_util (if I recall correctly).

I can add the step if you could please verify that is the placement of the command execution. Thank you!
Comment 3 Benjamin Kaduk freebsd_committer freebsd_triage 2020-09-07 01:46:18 UTC
It's pretty surprising that `kdb5_util create` helped your situation, since kdb5_util is an MIT krb5 utility but the rest of your procedures are using Heimdal krb5.  The analogous step to `kdb5_util create` in the Heimdal ecosystem is the `init EXAMPLE.ORG` kadmin interactive command from Section 13.5.1 of the linked https://www.freebsd.org/doc/handbook/kerberos5.html
Comment 4 Tom Rhodes freebsd_committer freebsd_triage 2020-09-07 02:28:54 UTC
(In reply to Benjamin Kaduk from comment #3)

Hi Benjamin,

I thought the same thing when looking at the differences between the ports and, when it was noticed the kbr change fixed the problem, I assume the other, non-heimdal method was the settled on solution here. :)

--
Tom
Comment 5 Pau Amma 2022-04-11 04:51:50 UTC
Is this (that is, the workaround using MIT Kerberos) still needed?