Problems with Keytabs - Kerberos

This is a discussion on Problems with Keytabs - Kerberos ; I get the following message when I run "kinit -k -t my.keytab": kinit(v5): Cannot find KDC for requested realm while getting initial credentials It works fine if I just do "kinit my_user". I did a tcpdump and noticed that when ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Problems with Keytabs

  1. Problems with Keytabs

    I get the following message when I run "kinit -k -t my.keytab":

    kinit(v5): Cannot find KDC for requested realm while getting initial credentials

    It works fine if I just do "kinit my_user". I did a tcpdump and noticed
    that when I try to use the keytab, kinit seems to look for
    _kerberos._udp.LOCALDOMAIN and _kerberos._tcp.LOCALDOMAIN. But,
    when I don't use the keytab, it queries my kerberos server,
    kerberos.mydomain.bogus. How do I alter this behavior? Thanks for
    any tips.

    --
    "I have to decide between two equally frightening options.
    If I wanted to do that, I'd vote." --Duckman


  2. Re: Problems with Keytabs

    On Jul 5, 2005, at 18:14, js1 wrote:
    > I get the following message when I run "kinit -k -t my.keytab":
    >
    > kinit(v5): Cannot find KDC for requested realm while getting initial
    > credentials
    >
    > It works fine if I just do "kinit my_user". I did a tcpdump and
    > noticed
    > that when I try to use the keytab, kinit seems to look for
    > _kerberos._udp.LOCALDOMAIN and _kerberos._tcp.LOCALDOMAIN. But,
    > when I don't use the keytab, it queries my kerberos server,
    > kerberos.mydomain.bogus. How do I alter this behavior? Thanks for
    > any tips.


    If you're using a keytab file and not specifying a principal name, the
    kinit program will attempt to use the "host" service principal for the
    local host, and will try to figure out the canonical FQDN of the host
    in the process (and then the realm, based on that hostname). I'm
    guessing it's coming up with "LOCALDOMAIN" when it tries to do that
    step. Check your network configuration....

    Ken

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: Problems with Keytabs

    On 2005-07-05, Ken Raeburn wrote:
    >
    > not specifying a principal name
    >


    Doh! Thanks for catching that.


    --
    "I have to decide between two equally frightening options.
    If I wanted to do that, I'd vote." --Duckman


+ Reply to Thread