Problem with Kerberos Service

LukePet luke_pet at yahoo.it
Tue Feb 13 04:14:26 EST 2007


Then....I have deleted the krb5.keytab file

after I have executed these instructions:
lukesky at lukesky:~$ sudo kadmin -p krbadm/admin
kadmin:  ktadd -k /etc/krb5.keytab host/lukesky.epiluke.it

now I have this situation:
lukesky at lukesky:~$ sudo klist -kte
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 02/13/07 09:56:24 host/lukesky.epiluke.it at EPILUKE.IT (Triple DES cbc mode with HMAC/sha1)
   3 02/13/07 09:56:24 host/lukesky.epiluke.it at EPILUKE.IT (DES cbc mode with CRC-32)

but it is still wrong.....
lukesky at lukesky:~$ kinit -kt host/lukesky.epiluke.it at EPILUKE.IT
kinit(v5): Client not found in Kerberos database while getting initial credentials

or

lukesky at lukesky:~$ kinit -k host/lukesky.epiluke.it at EPILUKE.IT
kinit(v5): Permission denied while getting initial credentials

or

lukesky at lukesky:~$ kinit host/lukesky.epiluke.it at EPILUKE.IT
Password for host/lukesky.epiluke.it at EPILUKE.IT: 
kinit(v5): Password incorrect while getting initial credentials

.....I don't understand, it is really strange.

What can I do?


Christopher D. Clausen wrote:
> 
> LukePet <luke_pet at yahoo.it> wrote:
>> So,
>>> What does klist -kte (as root) show?
>>
>> lukesky at lukesky:~$ sudo klist -kte
>>   2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (Triple DES cbc mode with HMAC/sha1)
>>   2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (DES cbc mode with CRC-32)
>>
>>> Can you kinit -kt host/lukesky.epiluke.it at EPILUKE.IT on this machine?
>>
>> lukesky at lukesky:~$ kinit -kt host/lukesky.epiluke.it at EPILUKE.IT
>> kinit(v5): Client not found in Kerberos database while getting initial credentials
> 
> Hmm... that looks bad.  rm /etc/krb5.keytab and re-extract the 
> host/lukesky.epiluke.it keytab into /etc/krb5.keytab from kadmin.
> 
>> and if I exec kinit and telnet I have:
>>
>> lukesky at lukesky:~$ kinit pippo
>> Password for pippo at EPILUKE.IT:
>> lukesky at lukesky:~$ telnet -a -l pippo lukesky.epiluke.it
>> Trying 192.168.182.121...
>> Connected to admin.epiluke.it (192.168.182.121).
>> Escape character is '^]'.
>> Password for pippo:
>> Login incorrect
>>
>> why? what does it mean?
> 
> It means it's not using Kerberos, likely b/c of the problem with the host 
> keytab.  If you get a password prompt Kerberos ticket forwarding has 
> failed and I'd suggest simply Ctrl-C-ing out of telnet.
> 
> <<CDC 