# Fixing Heimdal KDC setup



## QuinRiva (Nov 21, 2012)

I was setting up Heimdal KDC following the guide here and made the silly mistake of not specifying the server correctly.


```
[libdefaults]
    default_realm = SIN.X
[realms]
    SIN.X = {
        kdc = kerberos.sin.x
        admin_server = kerberos.sin.x
    }
[domain_realm]
    .sin.x = SIN.X
```

Instead of:

```
[libdefaults]
    default_realm = SIN.X
[realms]
    SIN.X = {
        kdc = vanity.sin.x
        admin_server = vanity.sin.x
    }
[domain_realm]
    .sin.x = SIN.X
```

I have since corrected this, but I created users first and I am unsure of how to delete them and re-add them.

I have tried:

```
Vanity# kadmin -l
kadmin> add quinriva
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
quinriva@SIN.X's Password:
Verifying - quinriva@SIN.X's Password:
kadmin: kadm5_create_principal: Principal or policy already exists
kadmin: adding quinriva: Principal or policy already exists
kadmin> del principal quinriva
kadmin: del principal: Principal does not exist
```

If I try to initialise that user:

```
Vanity# kinit quinriva
quinriva@SIN.X's Password:
kinit: krb5_get_init_creds: KDC policy rejects request
```

But it works just fine with new users that I have created.  Any ideas?


----------



## mamalos (Nov 21, 2012)

If you haven't changed your Kerberos realm, I would expect your configuration to work. Try to see what /var/heimdal/kdc.log says when this happens. Apart from that, I think that you have two options: 1) delete your Kerberos users by running *del <principal_name>* after running *kadmin -l*, or 2) rebuild your database from scratch by removing your realm, initializing it again and then adding new users.


----------



## QuinRiva (Nov 23, 2012)

Yep, deleting the principal worked.  It's frustrating that the documentation isn't as clear as it could be: I thought the command was *del principal <principal_name>*


----------

