# FreeBSD 12.2 incompatibility with Linux-based Kerberos?



## HAL9000 (Nov 10, 2020)

Hi,

I'm having a bit of a weird Kerberos problem.

Currently I manage a large Linux-based environment, with Kerberos KDCs hosted on Debian 10.

I have zero problems with this in Linux, absolutely none, it all works perfectly.

However now I am trying to connect two FreeBSD clients to the KDCs.

On Linux I would normally run commands such as:

`kadmin -p foobar/admin -q "addprinc -randkey nfs/host.example.com" -k -t /foobar/krb5.keytab`

However I appreciate FreeBSD is Heimdal-based, so I adapted the command to the relevant syntax:

`kadmin -p foobar/admin -K /foobar/krb5.keytab add -r nfs/host.example.com`

Of course, the user keytab is present, and of course I have /etc/krb5.conf present (I just use the same one that works perfectly on Linux clients):

```
[libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 10h
    renew_lifetime = 7d
    forwardable = false
    rdns = false
    default_realm = FOOBAR.CORP
    dns_lookup_kdc = true
# possibly try KEYRING:persistent:%{uid} here...
# (comment kept on its own line: krb5.conf only treats # as a comment at the start of a line)
    default_ccache_name = FILE:/tmp/krb5cc_%{uid}

[realms]
    FOOBAR.CORP = {
        admin_server = kerberos.foobar.corp
    }

[logging]
    default = SYSLOG:NOTICE:DAEMON
```

I have tried adding a [domain_realm] section to the krb5.conf but that has no effect.

However what happens is kadmin on FreeBSD just hangs. Nothing happens, it just hangs. I eventually have to kill it because I can't even Ctrl-C out. Nothing is logged on the KDCs or the FreeBSD logs.


----------



## SirDice (Nov 10, 2020)

There are implementation differences between MIT Kerberos and Heimdal. You cannot use the Heimdal kadmin to administer MIT Kerberos and vice versa.


Chapter 14. Security (www.freebsd.org): Hundreds of standard practices have been authored about how to secure systems and networks, and as a user of FreeBSD, understanding how to protect against attacks and intruders is a must


----------
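
A preflight guard built on the reply above, as an added example that is not part of the thread: it refuses to run an admin command when the local Kerberos tools and the KDC are different implementations, and prints the add-principal command in the matching syntax (both forms are the ones quoted in the question). The function names are hypothetical, and using `krb5-config --vendor` as the source of the vendor string is an assumption about the host.

```shell
#!/bin/sh
# Added example: check implementation match before using kadmin remotely.

# Map a vendor string (assumed source: `krb5-config --vendor`) to mit|heimdal|unknown.
classify_vendor() {
    case "$1" in
        *Heimdal*|*heimdal*) echo heimdal ;;
        *"Massachusetts Institute of Technology"*) echo mit ;;
        *) echo unknown ;;
    esac
}

# Print the "add principal with random key" command in the syntax of the
# given implementation. $1=vendor $2=admin principal $3=keytab $4=new principal
randkey_cmd() {
    case "$1" in
        mit)     printf 'kadmin -p %s -q "addprinc -randkey %s" -k -t %s\n' "$2" "$4" "$3" ;;
        heimdal) printf 'kadmin -p %s -K %s add -r %s\n' "$2" "$3" "$4" ;;
        *)       return 1 ;;
    esac
}

# Succeed only when the local tools and the KDC are the same implementation.
# $1=local vendor string $2=KDC implementation (mit|heimdal)
preflight() {
    client=$(classify_vendor "$1")
    if [ "$client" = unknown ] || [ "$client" != "$2" ]; then
        echo "refusing: local tools are '$client', KDC is '$2';" \
             "run kadmin from a host with the matching implementation" >&2
        return 1
    fi
}

# Typical use on a real host (not executed here):
#   preflight "$(krb5-config --vendor)" mit &&
#       randkey_cmd mit foobar/admin /foobar/krb5.keytab nfs/host.example.com
```
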

