我在启动krb5kdc 的时候一直报认证问题,请问问题可能出在哪
执行命令:
sbin/krb5kdc
错误日志:
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](info): Loaded
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](info): Loaded
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](info): setting up network...
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](info): setting up network...
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](Error): Permission denied - Cannot bind server socket on 0.0.0.0.88
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](Error): Permission denied - Cannot bind server socket on 0.0.0.0.88
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](Error): Failed setting up a UDP socket (for 0.0.0.0.88)
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](Error): Failed setting up a UDP socket (for 0.0.0.0.88)
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](Error): Permission denied - Error setting up network
Oct 21 16:04:54 bbb-ee-kerberos-test-001 krb5kdc[741](Error): Permission denied - Error setting up network
krb5.conf
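# krb5.conf - Kerberos library settings for realm EXXXX.COM.
# Comments sit on their own lines: the MIT krb5 profile format only treats
# '#' or ';' at the start of a line as a comment, so text written after a
# value is read as part of that value.

[logging]
# NOTE(review): kdc.conf on this host also sets kdc = FILE:... to the same
# path. That is probably why every krb5kdc log line appears twice - confirm
# and keep the kdc destination in one file only.
default = FILE:/bbb/var/kerberos/log/krb5libs.log
kdc = FILE:/bbb/var/kerberos/log/krb5kdc.log
admin_server = FILE:/bbb/var/kerberos/log/kadmind.log

[libdefaults]
# Do not use DNS to map a host name to its realm.
dns_lookup_realm = false
# Allow DNS lookups to locate KDCs. The value was misspelled "ture", which is
# not a recognised boolean, so the setting did not take the intended value.
# DNS answers are unauthenticated; the explicit kdc entry under [realms]
# should still be preferred for EXXXX.COM - verify for your release.
dns_lookup_kdc = true
# Requested ticket lifetime. kdc.conf sets max_life = 12h for this realm, so
# the KDC is expected to issue at most 12h regardless of this request.
ticket_lifetime = 24h
# Request forwardable tickets by default.
forwardable = yes
default_realm = EXXXX.COM
spake_preauth_groups = edwards25519

[realms]
EXXXX.COM = {
    kdc = 10.33.33.33:88
    admin_server = 10.33.33.33:749
    default_domain = exxxx.com
}

[domain_realm]
.exxxx.com = EXXXX.COM
exxxx.com = EXXXX.COM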
kdc.conf
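# kdc.conf - KDC settings for realm EXXXX.COM.

[kdcdefaults]
# UDP and TCP listener ports. 88 is below 1024, so the process needs root or
# CAP_NET_BIND_SERVICE to bind it; without that, krb5kdc logs
# "Permission denied - Cannot bind server socket on 0.0.0.0.88".
kdc_listen = 88
kdc_tcp_listen = 88

[realms]
EXXXX.COM = {
    kadmind_port = 749
    max_life = 12h 0m 0s
    max_renewable_life = 7d 0h 0m 0s
    master_key_type = aes256-cts
    # Key/salt types used when new principal keys are generated.
    # The single-DES, des3-hmac-sha1 and arcfour-hmac (RC4) entries were
    # removed: they are weak, and keys of those types make tickets open to
    # offline cracking. Re-add one only for a named legacy client, and
    # re-key existing principals that still hold such keys.
    supported_enctypes = aes256-cts:normal aes128-cts:normal camellia256-cts:normal camellia128-cts:normal
    # If the default location does not suit your setup,
    # explicitly configure the following values:
    database_name = /bbb/running/kerberos/var/krb5kdc/principal
    # The stash file holds the database master key; keep it readable only by
    # the account that runs the KDC.
    # NOTE(review): the file name carries BIZSEER.COM while this stanza is
    # EXXXX.COM - confirm the path matches the stash file actually created.
    key_stash_file = /bbb/running/kerberos/var/krb5kdc/.k5.BIZSEER.COM
    # The ACL shown for this host is "*/admin@EXXXX.COM *": every kadmin
    # privilege for any principal with an /admin instance. Narrow it if not
    # all /admin principals should hold full rights.
    acl_file = /bbb/running/kerberos/var/krb5kdc/kadm5.acl
    admin_keytab = /bbb/running/kerberos/var/krb5kdc/kadm5.keytab
    spake_preauth_groups = edwards25519
    # Same values as [kdcdefaults]; kept as the per-realm setting.
    kdc_listen = 88
    kdc_tcp_listen = 88
}

[logging]
# By default, the KDC and kadmind will log output using
# syslog. You can instead send log output to files like this:
# NOTE(review): krb5.conf on this host has its own [logging] section with the
# same kdc path but different admin_server/default file names
# (kadmind.log, krb5libs.log) - confirm which set is intended.
kdc = FILE:/bbb/var/kerberos/log/krb5kdc.log
admin_server = FILE:/bbb/var/kerberos/log/kadmin.log
default = FILE:/bbb/var/kerberos/log/krb5lib.log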
ls var/krb5kdc/
kadm5.acl principal principal.kadm5 principal.kadm5.lock principal.ok
cat var/krb5kdc/kadm5.acl
*/admin@EXXXX.COM *
用户不是root吧?88 是特权端口(小于 1024),没有 root 权限(或 CAP_NET_BIND_SERVICE 能力)的用户绑定它时就会报 Permission denied。
确实是启动用户的问题,这玩意儿竟然必须root权限启动 --!, 3Q
采纳吧。