[27065] in Kerberos
Re: Migrating a Kerberos Realm
daemon@ATHENA.MIT.EDU (Edward Murrell)
Wed Nov 22 14:46:46 2006
Message-ID: <4564A8EC.7080205@dlconsulting.com>
Date: Thu, 23 Nov 2006 08:45:48 +1300
From: Edward Murrell <edward@dlconsulting.com>
CC: kerberos@mit.edu
In-Reply-To: <200611220600.kAM60uZa013593@ginger.cmf.nrl.navy.mil>
Reply-To: kerberos@mit.edu
Ken Hornstein wrote:
>> Now I get a string of errors like this;
>> Nov 22 14:57:55 becks krb5kdc[5216](info): TGS_REQ (7 etypes {18 17 16
>> 23 1 3 2}) 10.37.80.11: PROCESS_TGS: authtime 0, <unknown client> for
>> host/atlas@OFFICE, Key table entry not found
>>
>
> So, here's what would be illuminating:
>
> - Output of "klist" after you run "kinit", but before you try to connect
> to atlas
> - Output of "klist" after you try to connect to atlas.
> - Output of "getprinc" on krbtgt/OFFICE@DLCONSULTING.COM from BOTH kdc's.
>
>
As requested;
edward@black ~ $ kdestroy
edward@black ~ $ kinit -f -a edward@DLCONSULTING.COM
Password for edward@DLCONSULTING.COM:
edward@black ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_1000_jJozf1
Default principal: edward@DLCONSULTING.COM
Valid starting     Expires            Service principal
11/23/06 08:41:23  11/23/06 18:41:23  krbtgt/DLCONSULTING.COM@DLCONSULTING.COM
        renew until 11/24/06 08:41:21
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
edward@black ~ $ ssh atlas
Password:
edward@black ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_1000_jJozf1
Default principal: edward@DLCONSULTING.COM
Valid starting     Expires            Service principal
11/23/06 08:41:23  11/23/06 18:41:23  krbtgt/DLCONSULTING.COM@DLCONSULTING.COM
        renew until 11/24/06 08:41:21
11/23/06 08:41:32  11/23/06 18:41:23  krbtgt/OFFICE@DLCONSULTING.COM
        renew until 11/24/06 08:41:21
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
edward@black ~ $
==============
From the DLCONSULTING.COM kdc;
kadmin.local: getprinc krbtgt/OFFICE@DLCONSULTING.COM
Principal: krbtgt/OFFICE@DLCONSULTING.COM
Expiration date: [never]
Last password change: Wed Nov 22 14:44:30 NZDT 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Nov 22 14:44:30 NZDT 2006 (root/admin@DLCONSULTING.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
==============
From the OFFICE kdc;
kadmin: getprinc krbtgt/OFFICE@DLCONSULTING.COM
Principal: krbtgt/OFFICE@DLCONSULTING.COM
Expiration date: [never]
Last password change: Wed Nov 22 14:44:53 NZDT 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Nov 22 14:44:53 NZDT 2006 (edward/admin@OFFICE)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]