
kinit: Can't open/find configuration file (dce / krb) when parsing name

 
Skwar
Occasional Advisor

kinit: Can't open/find configuration file (dce / krb) when parsing name

Hello.

I'm trying to authenticate against an Active Directory Domain Controller with kinit of the J5849AA B11.00.14 depot.

When I run kinit as a user, I get this error message:

vz6tml_tc51:/u/vz6tml/ > kinit
kinit: Can't open/find configuration file (dce / krb) when parsing name vz6tml

Judging from krb5.conf(4), I'd assume that it reads /etc/krb5.conf. This file contains:

root_tc51:// > cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = EUROPE.DELPHIAUTO.NET
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
EUROPE.DELPHIAUTO.NET = {
kdc = dewup-dc01.europe.delphiauto.net:88
admin_server = dewup-dc01.europe.delphiauto.net:749
default_domain = europe.delphiauto.net
}

[domain_realm]
.europe.delphiauto.net = EUROPE.DELPHIAUTO.NET
europe.delphiauto.net = EUROPE.DELPHIAUTO.NET

[appdefaults]
pam = {
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
}


Why do I get the error message "kinit: Can't open/find configuration file (dce / krb) when parsing name vz6tml"?

Thanks a lot,
Alexander
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Do you have Kerberos 5 (NCSA) installed on your system? If yes:

Some UNIX systems come with (unconfigured) kerberos 4 or DCE clients on them (HP and Solaris are two that do). What the error means is that you are running the kinit that came on the system and not the Kerberos 5 kinit you got from NCSA.
Check the instructions on the download page to set your path correctly.
Bye
Bruno
Torino (Turin) +2H
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

This is a link for you! See
http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/unix_install_remote.html

Good luck
Bruno
Torino (Turin) +2H
Skwar
Occasional Advisor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Hi.

Uhm, I'm using the Kerberos V5 Client v1.10 from HP from the depot J5849AA B11.00.14 => http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5849AA

This depot installs a /usr/bin/kinit binary, which is executed when entering "kinit".

vz6tml_tc51:/u/vz6tml/ > which kinit
/usr/bin/kinit

Even when I specify the complete path, I get the error message:

vz6tml_tc51:/u/vz6tml/ > /usr/bin/kinit
kinit: Can't open/find configuration file (dce / krb) when parsing name vz6tml


The link that you posted suggested to set the $PATH correctly so that this NCSA kerberos 5 is executed and not some kerberos 4 kinit. I don't think that /usr/bin/kinit from the Kerberos 5 package of HP is a kerberos 4 kinit, is it?


I just "found" the program /usr/sbin/pamkrbval which is part of the Kerberos depot. When I execute it, I see that it seems to read /etc/krb5.conf, because it connects to the server I configured in this file:

root_tc51:// > /usr/sbin/pamkrbval -v

Validating the pam configuration files
---------- --- --- ------------- -----

Validating the /etc/pam.conf file
[LOG] : The /etc/pam.conf files permissions are fine
[LOG] : Opened : /etc/pam.conf

[PASS] : The validation of config file: /etc/pam.conf passed

[NOTICE] : The validation of config file: /etc/pam_user.conf is not done
as libpam_updbe library is not configured

Validating the kerberos config file
---------- --- -------- ------ -----
[PASS] : Initialization of kerberos passed

Connecting to default Realm
---------- -- ------- -----
[LOG] : The default realm is : EUROPE.DELPHIAUTO.NET
[LOG] : KDC hosts for realm EUROPE.DELPHIAUTO.NET :dewup-dc01.europe.delphiauto.net
[LOG] : Trying to contact KDC for realm EUROPE.DELPHIAUTO.NET...
[LOG] : Realm EUROPE.DELPHIAUTO.NET is answering ticket requests
[PASS] : Default Realm is issuing tickets

Validating the keytab entry for the host service principal
---------- --- ------ ----- --- --- ---- ------- ---------
[LOG] : Host tc51, aka tc51.
[LOG] : The default keytab name is : /etc/krb5.keytab
[LOG] : Keytab file /etc/krb5.keytab is not present So assuming Success
[IGNORE] : The keytab validation is ignored and Assuming Success



Q: Which configuration file does kinit try to read?
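The two checks made by hand so far in the thread (which kinit the shell resolves first, and whether the posted /etc/krb5.conf names a KDC for its default realm), written for POSIX sh as an added example that is not part of any post or of HP's depot. The function names are hypothetical and the sample file is constructed from the config quoted above.

```shell
#!/bin/sh
# Added example: not from the thread or from HP's Kerberos depot.

# Print every executable named $1 found in search path $2 (default: $PATH),
# in lookup order, so a shadowing system-supplied kinit is visible.
path_candidates() {
    printf '%s\n' "${2:-$PATH}" | tr ':' '\n' | while IFS= read -r dir; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
}

# Print default_realm from the [libdefaults] section of krb5.conf file $1.
default_realm() {
    awk '
        /^[ \t]*\[/ { sec = $0; gsub(/[^A-Za-z_]/, "", sec); next }
        sec == "libdefaults" {
            split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            if (kv[1] == "default_realm") { print kv[2]; exit }
        }' "$1"
}

# Print each kdc listed for realm $2 in the [realms] section of file $1.
realm_kdcs() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { sec = $0; gsub(/[^A-Za-z_]/, "", sec); inblk = 0; next }
        sec != "realms" { next }
        /[}]/ { inblk = 0; next }
        /[{]/ { name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
                inblk = (name == realm); next }
        inblk { split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
                if (kv[1] == "kdc") print kv[2] }' "$1"
}

# Constructed sample: the two relevant sections of the krb5.conf in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
default_realm = EUROPE.DELPHIAUTO.NET

[realms]
EUROPE.DELPHIAUTO.NET = {
kdc = dewup-dc01.europe.delphiauto.net:88
}
EOF
echo "kinit candidates in PATH order:"; path_candidates kinit
realm=$(default_realm "$sample")
echo "default realm $realm -> kdc $(realm_kdcs "$sample" "$realm")"
```

More than one line from `path_candidates kinit` means several binaries compete and the first one listed is the one a bare `kinit` runs.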
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

I only have PAM documentation in Italian; I hope I have translated it well. If it can be useful, see the attachment.
HTH
Torino (Turin) +2H
Skwar
Occasional Advisor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Hello again!

Uh, what does PAM have to do with all of this? To my understanding, I'd use PAM if I wanted to enable (let's say) ftp to use Kerberos. kinit, on the other hand, is independent of PAM, no?
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Verify whether a krb5.conf exists in other paths.
If yes, what does it contain?
Torino (Turin) +2H
Skwar
Occasional Advisor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Hi!


/etc/krb5.conf exists and contains:

vz6tml_tc51:/u/vz6tml/ > cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = EUROPE.DELPHIAUTO.NET
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
EUROPE.DELPHIAUTO.NET = {
kdc = dewup-dc01.europe.delphiauto.net:88
admin_server = dewup-dc01.europe.delphiauto.net:749
default_domain = europe.delphiauto.net
}

[domain_realm]
.europe.delphiauto.net = EUROPE.DELPHIAUTO.NET
europe.delphiauto.net = EUROPE.DELPHIAUTO.NET

[appdefaults]
pam = {
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
}

Skwar
Occasional Advisor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

I suppose that krb5.conf should be in /etc, because there's an /etc/krb5.conf.sample file. I also did a "find / -type f -name krb5.conf", and the only file I found was the one in /etc.
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Alexander,
my question is whether another krb5.conf exists in another path. For example in /usr/local/krb5/..(etc. etc.)

Torino (Turin) +2H
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

What is vz6tml ?
Torino (Turin) +2H
Skwar
Occasional Advisor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

"vz6tml" is my username. I ran the "cat /etc/krb5.conf" as this user, to show that even normal users have read access to this file.
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Excuse me for the repetition, but
I have a display problem; I can't see it right on my machine with IE!
Torino (Turin) +2H
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Does it work as superuser?
Torino (Turin) +2H
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

I can't see your answers... Also verify the permissions on the directory.
Torino (Turin) +2H
Skwar
Occasional Advisor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

No, when I run "kinit" as root, I get the same error message. What do you mean with "permissions on directory"? Which directory? ~vz6tml? User vz6tml has write permissions in ~vz6tml. /etc? It is 555 - but what does it matter? /etc/krb5.conf is readable by normal users.
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

I have found documentation for your message. I read that it is a DCE error in component krb, but nothing is noted under Explanation and Action.
Error code 0x14129087 KRB5_CONFIG_CANTOPEN.

The message number itself begins with the hex identifier 0x1. The next four digits are unique for the component generating it. The final three digits are unique for each message number.



Torino (Turin) +2H
Skwar
Occasional Advisor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

Hello!

That sounds interesting - where did you find this documentation? And what can I do to fix it - or is it just plain broken in HP-UX with nobody knowing how to fix it and thus no available Explanation and Action?

Thanks a lot for all the time that you already spent,
Alexander
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

I would look at the configurations of PAM, DCE and KRB. Verify the qualifications reported for the username that you use, vz6tml.
For documentation, go to:
http://zivunix.uni-muenster.de/DCEdoc/PDG/PDG04.HTM

Attached are small (generic) guides to PAM and Kerberos.
HTH

P.S. I am a user of ITRC like you, not HP staff.
Thank you for the points.
Bruno
Torino (Turin) +2H
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

PAM attachment
Torino (Turin) +2H
Bruno Ganino
Honored Contributor

Re: kinit: Can't open/find configuration file (dce / krb) when parsing name

KRB attachment
Torino (Turin) +2H