[31395] in Kerberos
Re: Status 0x96c73ac3 - No credentials cache found
daemon@ATHENA.MIT.EDU (Edward Murrell)
Tue Aug 18 17:04:42 2009
From: Edward Murrell <edward@murrell.co.nz>
To: dxtans <david.tansley@btinternet.com>
In-Reply-To: <97516dc7-3ed6-4dfe-954a-8d656ed1fe8a@g10g2000yqh.googlegroups.com>
Date: Wed, 19 Aug 2009 09:05:25 +1200
Message-Id: <1250629525.3903.1.camel@entropy>
Mime-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
You will need to specify the principle you wish to use when running
kinit. This is because keytabs can contain multiple principles.
ie;
kinit -kt /etc/krb5/krb5.keytab host/uk0108.bxc.com@BXC.COM
Hope this helps!
Cheers,
Edward
On Tue, 2009-08-18 at 13:04 -0700, dxtans wrote:
> Hello,
> I have installed kerberos v5 on aix, the principle account has been
> created Ok on the AD server.
> But when I try and run kinit on the unix side I get:
>
>
> ktutil: rkt /etc/krb5/uk0108.keytab
> ktutil: list
> slot KVNO Principal
> ------ ------ ------------------------------------------------------
> 1 5 host/uk0108.bxc.com@BXC.COM
> ktutil: wkt /etc/krb5/krb5.keytab
> ktutil: quit
>
> kinit -kt /etc/krb5/krb5.keytab
> Unable to obtain initial credentials.
> Status 0x96c73ab5 - Key table entry not found.
>
> Now I have googled this error, I can confirm, that I can resolv
> correctly both forward and reverse lookups usng dig and host for the
> fqdn. That the config file is correct with the domain name.
>
> I have used tcpdump on the inteface and althought I see connections to
> port 88 on the AD side, there is nothing being passed.
> I am running this as root. Should I create the principle account
> (uk0108) also on the unix side and run the above commands as that use?
>
> Does anybody have any other avenues I can investigate.
>
>
> My conf file is:
>
> [libdefaults]
> default_realm = BXC.COM
> dns_lookup_realm = false
> dns_lookup_kdc = false
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
> default_tkt_enctypes = des-cbc-md5
> default_tgs_enctypes = des-cbc-md5
>
>
> [realms]
> BXC.COM = {
> kdc = ukad01.bxc.com:88
> admin_server = uk0108.bxc.com:749
> default_domain = bxc.com
> }
>
> [domain_realm]
> .bxc.com = BXC.COM
> uk0108.bxc.com = BXC.COM
> [logging]
> kdc = FILE:/var/krb5/log/krb5kdc.log
> admin_server = FILE:/var/krb5/log/kadmin.log
> default = FILE:/var/krb5/log/krb5lib.log
>
>
>
>
>
> thanks
> dxtans
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
