"Cannot contact any KDC for realm" since upgrading to Fedora 21

fedora fedora at ayni.com
Wed Dec 17 14:37:30 UTC 2014


selinux?

On 12/17/2014 03:12 PM, Braden McDaniel wrote:
> I upgraded a Kerberos server box from Fedora 20 to 21.  Since doing so,
> other Fedora machines (which are still using Fedora 20) can no longer
> authenticate:
>
>    $ kinit
>    kinit: Cannot contact any KDC for realm 'ENDOFRAME.NET' while getting
> initial credentials
>
> On the server:
>
>    # systemctl status krb5kdc
>    ● krb5kdc.service - Kerberos 5 KDC
>       Loaded: loaded (/etc/systemd/system/krb5kdc.service; enabled)
>       Active: active (running) since Tue 2014-12-16 08:27:54 EST; 24h ago
>      Process: 22776 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid
> $KRB5KDC_ARGS (code=exited, status=0/SUCCESS)
>     Main PID: 22777 (krb5kdc)
>       CGroup: /system.slice/krb5kdc.service
>               └─22777 /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid
>
> And I'm able to kinit just fine locally on the server.
>
> I've tried completely disabling firewalls; that didn't help.
>
> /var/log/krb5kdc.log on the server looks like this:
>
>    otp: Loaded
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](Error): preauth
> pkinit failed to initialize: No realms configured correctly for pkinit
> support
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): setting up
> network...
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): listening
> on fd 12: udp 0.0.0.0.88 (pktinfo)
>    krb5kdc: setsockopt(13,IPV6_V6ONLY,1) worked
>    krb5kdc: Invalid argument - Cannot request packet info for udp socket
> address :: port 88
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): skipping
> unrecognized local address family 17
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): skipping
> unrecognized local address family 17
>    krb5kdc: setsockopt(13,IPV6_V6ONLY,1) worked
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): listening
> on fd 13: udp fe80::21c:c0ff:fedf:4b55%eth0.88
>    krb5kdc: setsockopt(14,IPV6_V6ONLY,1) worked
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): listening
> on fd 15: tcp 0.0.0.0.88
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): listening
> on fd 14: tcp ::.88
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22776](info): set up 4
> sockets
>    Dec 16 08:27:54 knock.endoframe.net krb5kdc[22777](info): commencing
> operation
>    Dec 17 08:52:59 knock.endoframe.net krb5kdc[22777](info): AS_REQ (6
> etypes {18 17 16 23 25 26}) 192.168.1.10: ISSUE: authtime 1418824379,
> etypes {rep=18 tkt=18 ses=18}, braden at ENDOFRAME.NET for
> krbtgt/ENDOFRAME.NET at ENDOFRAME.NET
>
>
> Where should I be looking?
>

