记录了Kerberos安装中遇到的错误,摘录自http://research.imb.uq.edu.au/~l.rathbone/ldap/kerberos.shtml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [ lance @ client ~ ] $ kinit lance / admin Password for lance / admin @ EXAMPLE . COM : [ lance @ client ~ ] $ klist Ticket cache : FILE : / tmp / krb5cc_500 Default principal : lance / admin @ EXAMPLE . COM Valid starting Expires Service principal 01 / 08 / 08 14 : 22 : 07 01 / 09 / 08 13 : 47 : 58 krbtgt / EXAMPLE . COM @ EXAMPLE . COM Kerberos 4 ticket cache : / tmp / tkt500 klist : You have no tickets cached [ lance @ client ~ ] $ kadmin Authenticating as principal lance / admin @ EXAMPLE . COM with password . Password for lance / admin @ EXAMPLE . COM : kadmin : GSS - API ( or Kerberos ) error while initializing kadmin interface [ root @ kdc1 ~ ] # tail /var/log/kadmind.log Jan 08 13 : 32 : 00 kdc1 . example . com kadmind [ 17036 ] ( Notice ) : Authentication attempt failed : 130.102.113.139 , GSS - API error strings are : Jan 08 13 : 32 : 00 kdc1 . example . com kadmind [ 17036 ] ( Notice ) : Miscellaneous failure Jan 08 13 : 32 : 00 kdc1 . example . com kadmind [ 17036 ] ( Notice ) : Clock skew too great Jan 08 13 : 32 : 00 kdc1 . example . com kadmind [ 17036 ] ( Notice ) : GSS - API error strings complete .
错误可能:
磁盘空间用尽 NTP服务出现问题请重启NTP服务后再次查看,如仍有问题则查看磁盘空间用量及inode用量
注意,在这种情况下kinit仍是可以成功执行的
删除用户、数据库后新建用户无法进行kinit和kadmin
请重启kadmin服务和krb5kdc服务
