kinit: Key table entry not found while getting initial credentials - Kerberos

This is a discussion on kinit: Key table entry not found while getting initial credentials - Kerberos ; Hi Kerberos experts, could anyone help me in addressing this issue since I am a T-O-T-A-L newbie in Kerberos. I have to retrieve kerberos credential in Solaris 5.8 (SEAM 1.0.1) using a windows2003 Active Directory as KDC, and I am ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: kinit: Key table entry not found while getting initial credentials

  1. kinit: Key table entry not found while getting initial credentials

    Hi Kerberos experts,

    could anyone help me in addressing this issue since I am a T-O-T-A-L
    newbie in Kerberos.

    I have to retrieve kerberos credential in Solaris 5.8 (SEAM 1.0.1)
    using a windows2003 Active Directory as KDC, and I am compelled to use
    the credential of a user different from Solaris' user.

    Let's say I work with user appadm on Solaris and user
    domuser@resource.corp in AD.

    AD administrator generated a keytab for my Solaris user in this way:

    Ktpass -princ kerberos/domuser.resource.corp@RESOURCE.CORP -mapuser
    domuser -pass [passwd of domuser] -out domuser.keytab

    and gave me the domuser.keytab file.

    I configured krb5.conf and stored the content of this keytab file in
    /etc/krb5/krb5.keytab via ktutil:

    ktutil: rkt domuser.keytab
    ktutil: l
    slot KVNO Principal
    ---- ----
    --------------------------------------------------------------------------
    1 4 kerberos/domuser.resource.corp@RESOURCE.CORP
    ktutil: wkt /etc/krb5/krb5.keytab
    ktutil: q

    Now I think my krb5.conf is correct since I am able to get a TGT via
    kinit in this way:
    kinit kerberos/domuser.resource.corp@RESOURCE.CORP
    then I enter domuser's password and with klist I can see the TGT.
    But I need to obtain the credentials without entering a password since
    the kinit command has to be put in the startup script of an
    application. So I tried this:

    appadm 99% kinit -k kerberos/domuser.resource.corp@RESOURCE.CORP
    kinit: Key table entry not found while getting initial credentials

    :-S ...nothing useful found till now to explain this... what's wrong?
    Any help appreciated.
    Thanks in advance!
    Sandro


  2. Re: kinit: Key table entry not found while getting initialcredentials

    "scoco" writes:

    > Hi Kerberos experts,
    >
    > could anyone help me in addressing this issue since I am a T-O-T-A-L
    > newbie in Kerberos.
    >
    > I have to retrieve kerberos credential in Solaris 5.8 (SEAM 1.0.1)
    > using a windows2003 Active Directory as KDC, and I am compelled to use
    > the credential of a user different from Solaris' user.
    >
    > Let's say I work with user appadm on Solaris and user
    > domuser@resource.corp in AD.
    >
    > AD administrator generated a keytab for my Solaris user in this way:
    >
    > Ktpass -princ kerberos/domuser.resource.corp@RESOURCE.CORP -mapuser
    > domuser -pass [passwd of domuser] -out domuser.keytab
    >
    > and gave me the domuser.keytab file.
    >
    > I configured krb5.conf and stored the content of this keytab file in
    > /etc/krb5/krb5.keytab via ktutil:
    >
    > ktutil: rkt domuser.keytab
    > ktutil: l
    > slot KVNO Principal
    > ---- ----
    > --------------------------------------------------------------------------
    > 1 4 kerberos/domuser.resource.corp@RESOURCE.CORP
    > ktutil: wkt /etc/krb5/krb5.keytab
    > ktutil: q
    >
    > Now I think my krb5.conf is correct since I am able to get a TGT via
    > kinit in this way:
    > kinit kerberos/domuser.resource.corp@RESOURCE.CORP
    > then I enter domuser's password and with klist I can see the TGT.
    > But I need to obtain the credentials without entering a password since
    > the kinit command has to be put in the startup script of an
    > application. So I tried this:
    >
    > appadm 99% kinit -k kerberos/domuser.resource.corp@RESOURCE.CORP
    > kinit: Key table entry not found while getting initial credentials
    >
    > :-S ...nothing useful found till now to explain this... what's wrong?


    Key table entry not found while getting initial credentials
    This means it could not found the credentials entries. in the keytab.

    try kinit --keytab=/etc/krb5/krb5.keytab \
    kerberos/domuser.resource.corp@RESOURCE.CORP

    IIRC the default keytab is /etc/krb5.keytab not /etc/krb5/....


    > Any help appreciated.
    > Thanks in advance!
    > Sandro


  3. Re: kinit: Key table entry not found while getting initial credentials

    If not already to late to answer "klist -ke" will give you a list if what is
    in the keytab.



+ Reply to Thread