[32928] in Kerberos
Re: keytab entry not found
daemon@ATHENA.MIT.EDU (Bram Cymet)
Thu Nov 25 17:08:24 2010
Message-ID: <4CEEDE41.6010006@cbnco.com>
Date: Thu, 25 Nov 2010 17:08:01 -0500
From: Bram Cymet <bcymet@cbnco.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <4CEDD890.9050303@cbnco.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 11/24/2010 10:31 PM, Bram Cymet wrote:
> Hi I am trying to use GSSAPI to ssh to a server with no password.
>
> On the server I am getting:
>
> debug1: Unspecified GSS failure. Minor code may provide more information
> Key table entry not found
>
> However here is my keytab:
>
> klist -ke /etc/krb5.keytab
> Keytab name: WRFILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 5 host/anubis.ls.cbn@LS.CBN (AES-256 CTS mode with 96-bit SHA-1 HMAC)
> 5 host/anubis.ls.cbn@LS.CBN (AES-128 CTS mode with 96-bit SHA-1 HMAC)
> 5 host/anubis.ls.cbn@LS.CBN (Triple DES cbc mode with HMAC/sha1)
> 5 host/anubis.ls.cbn@LS.CBN (ArcFour with HMAC/md5)
>
> The server I am trying to ssh to is anubis.ls.cbn.
>
> I have gone through a lot of of the previous mailing list posts on this
> subject but none of them have seem to help.
>
> I am a little confused as the host entry is clearly in the keytab.
>
We have solved our problem. There was a problem with our DNS entry for
anubis.ls.cbn so that it reversed to nothing. So when the server was
looking for the keytab entry is didn't know what it was looking for.
Once we fixed the reverse DNS problem everything worked perfectly.
--
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
