I have installed MITKDC. I am enabling Kerberos using Existing MIT KDC From Ambari. While creating principals I am getting below error.
Failed to create principal, trinitylocal-071819@HUB.LOCAL - Failed to create a service principal for trinitylocal-071819@HUB.LOCAL STDOUT: Authenticating as principal admin/admin@HUB.LOCAL with existing credentials.
STDERR: WARNING: no policy specified for trinitylocal-071819@HUB.LOCAL; defaulting to no policy
add_principal: Insufficient access to lock the database while creating "trinitylocal-071819@HUB.LOCAL".Administration credentials NOT DESTROYED.
I am able to create principals using kadmin.local.below commands also working. I am able to login to Kinit admin/admin also.
Klist command I have tried and I am able to log in. Below are my krb5.conf and kdc.conf.
Below is my krb5.conf
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = HUB.LOCAL
ticket_lifetime = 24h
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
HUB.LOCAL = {
admin_server = HOSTNAME
kdc = HOSTNAME
}
Below is my kdc.conf
[kdcdefaults]
kdc_ports = 750,88
[realms]
EXAMPLE.COM = {
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
default_principal_flags = +preauth
}
