Path: utzoo!attcan!uunet!jarthur!elroy.jpl.nasa.gov!decwrl!shelby!rutgers!bellcore!ctt.bellcore.com!lunt
From: lunt@ctt.bellcore.com (Steve Lunt)
Newsgroups: comp.protocols.kerberos
Subject: Kerberos Difficulties
Message-ID: <20243@bellcore.bellcore.com>
Date: 22 Feb 90 19:41:23 GMT
Sender: news@bellcore.bellcore.com
Reply-To: lunt@ctt.bellcore.com (Steve Lunt)
Organization: Bellcore, Piscataway, NJ
Lines: 54

I have been having some weird problems in attempting to bring Kerberos up
on my network. I cannot change my password using the kpasswd facility.
Below is the error message:

-------------------------------------------------------------------------------
$ /usr/athena/klist
Ticket file: /tmp/tkt338
Principal: lunt@CTT.BELLCORE.COM

  Issued           Expires          Principal
Feb 22 14:14:07  Feb 22 19:14:07  krbtgt.CTT.BELLCORE.COM@CTT.BELLCORE.COM
$ /usr/athena/kpasswd
Old password for lunt:
lrealm is CTT.BELLCORE.COM
krb_udp_port is 60930
Getting host entry for dduck.ctt.bellcore.com...Got it.
Sending message to 128.96.128.63...Sent
Waiting for reply...received packet from 128.96.128.63
Received it
Clen is 120
New Password for lunt:
Verifying, please re-enter New Password for lunt:
./kpasswd: Could not connect to server attempting to change password.
Password NOT changed.
-------------------------------------------------------------------------------

Do you know what is wrong here? I was able to get a ticket from the
Kerberos server (as evidenced from the output of klist), but kpasswd seems
not to be able to connect to that server. Is there some other server I need
to define somewhere?

I have also found several other inadequacies with Kerberos:

1. The operation guide neglected to inform me that, apparently (after
   poring through source code), you need to create a "changepw" principal
   via kdb_edit in order to use kpasswd. The error message caused by this
   was not indicative of the problem.

2. There is no utility to list all entries in the Kerberos master database
   (a sort of /usr/etc/kdb_list). I have written one, using kdb_edit and
   kdb_util as models.

3. There is no utility to delete an entry from the Kerberos master database
   (a sort of /usr/etc/kdb_del).

-- Steve

Steven J. Lunt                  RRC-1K227B
Computer Security Technology    444 Hoes Lane
Bellcore                        Piscataway, NJ 08854
lunt@ctt.bellcore.com           (201) 699-4244