[14472] in Kerberos
keytab files don't work after upgrade
daemon@ATHENA.MIT.EDU (Christopher P. Lindsey)
Thu May 24 10:44:12 2001
X-Envelope-From: lindsey
X-Envelope-To: kerberos@MIT.EDU
Date: Thu, 24 May 2001 09:42:42 -0500
From: "Christopher P. Lindsey" <lindsey@mallorn.com>
To: kerberos@MIT.EDU
Message-ID: <20010524094242.A7838@mallorn.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Hi,
I've been struggling with this problem for a couple of days now.
Hopefully someone out there has a clue that they'd be willing to send
my way...
Until this past weekend I was running 1.0.6 on the KDC. I upgraded to
1.2.2, following the steps in the .info files (dumping the database,
recreating the realm, reloading the database, etc.) without any
apparent problems.
I've since discovered that keytab files don't work, giving me this
error:
kinit -k -t foo.keytab
kinit: Key table entry not found while getting initial credentials
Everything else works fine -- I can log into systems, kinit, kadmin...
If I create a new principal I can kinit with it just fine, but if I
dump it to a keytab file I get that error again.
The logs show:
May 24 09:32:30 xxxxxxxx.mallorn.com krb5kdc[4341](info): AS_REQ 64.5.xx.xx(88): ISSUE: authtime 990714750, host/xxxxxxxx.mallorn.com@MALLORN.COM for krbtgt/MALLORN.COM@MALLORN.COM
May 24 09:32:30 xxxxxxxx.mallorn.com krb5kdc[4341](info): DISPATCH: repeated (retransmitted?) request from 64.5.xx.xx port 88, resending previous response
kadmin's idea of the principal meshes just fine with the keytab file's:
Key: vno 19, DES cbc mode with CRC-32, no salt
ktutil rkt foo.keytab
ktutil:
ktutil: [lindsey@xxxxxxxx etc]# ktutil
ktutil: rkt foo.keytab
ktutil: l
slot KVNO Principal
---- ---- ----------------------------------------------
1 19 foo@MALLORN.COM
The date is right on the system and host names (and principals)
work just fine.
Kerberos was compiled with these options:
./configure --enable-dns-for-realm --prefix=/usr/local/krb5 --without-krb4
Any ideas? Please?
Thanks,
Chris
