I have Kerberos installed on my Windows Active Directory server; however, I cannot connect to KAdmin in UNIX.
I'm able to create users and principals in Windows, export keytabs to remote Linux servers and then kinit successfully.
However, I want to make sure that the keytabs have maxrenewlife and allow_renewable set as I don't think my keytabs are being renewed successfully.
1) How do I set these properties on the Windows AD machine?
I believe this can be done via the kadmin interface but I can't connect to it.
root@dagobah:# kadmin -p pele/dagobah@AD.PRIVATE
Authenticating as principal kadmin/dagobah@AD.PRIVATE with password.
Password for kadmin/dagobah@AD.PRIVATE:
Password for kadmin/dagobah@AD.PRIVATE:
kadmin: Database error! Required KADM5 principal missing while initializing kadmin interface
So following this post - https://security.stackexchange.com/questions/7698/kadmin-problem-client-not-found-in-kerberos-database-while-initializing-kadmin - I created the kadmin/dagobah & kadmin/admin principals and retried:
root@dagobah:/etc/security/keytabs# kinit kadmin
Password for kadmin@AD.HADOOP.PRIVATE:
root@dagobah:/etc/security/keytabs# kadmin
Authenticating as principal kadmin/admin@AD.PRIVATE with password.
Password for kadmin/admin@AD.PRIVATE:
Password for kadmin/admin@AD.PRIVATE:
kadmin: Communication failure with server while initializing kadmin interface
2) How do I connect to Kadmin?