Issue with Kerberos setting in Sun Solaris 10
Benjamin Kaduk
kaduk at MIT.EDU
Mon Apr 22 16:27:59 EDT 2013
[putting the list back in the cc]
On Mon, 22 Apr 2013, Ray Vand wrote:
> Ben,
>
> kvno was 9 because I gave a new value in addent command.
>
> ktutil: addent -password -p sapldap/ads.company.com at COMPANY.COM -k 9 -e DES-CBC-MD5
Ah, okay. As I said earlier, I don't think this kvno will affect 'kinit
-k', but is relevant when used as an acceptor.
> I created a new one with kvno 7 and tried it. Still getting initial
> credentials error.
Right, I wouldn't expect that to change.
Some ways of generating a keytab will increment the kvno on the KDC, which
will cause problems for existing keytabs; it sounds like that is not what
is causing this problem.
> ktutil: addent -password -p sapldap/ads.company.com@ COMPANY.COM -k 7 -e DES-CBC-MD5
> Password for sapldap/ads.company.com@ COMPANY.COM:
> ktutil: list
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
> 1 7 sapldap/ads.company.com@ COMPANY.COM
> ktutil: wkt /tmp/ray.keytab
> ktutil: q
>
> # cp /tmp/ray.keytab /etc/krb5/krb5.keytab
>
> # kinit -k -t /etc/krb5/krb5.keytab sapldap/ads.company.com@ COMPANY.COM
> kinit(v5): Key table entry not found while getting initial credentials
I assume the space between '@' and "COMPANY.COM" is introduced while
transcribing into email? If it is present in the actual command line it
may cause problems.
You never did say if you are using the Solaris integrated tools or an
external installation of MIT kerberos.
-Ben
More information about the Kerberos
mailing list