Client keytab ignored
Michael-O
1983-01-06 at gmx.net
Wed Mar 26 12:34:54 EDT 2014
Hi,
I am trying to obtain a service ticket with a client keytab for my account. Unfortunately it fails. I wanted to narrow this down and tried to peform the very same operation with
$ kinit -k -t my.keytab
and it says kinit: Keytab contains no suitable keys for host/fqdn at REALM while getting initial credentials.
The question is, why does it completely ignore my keytab and tries the default one in /etc?
Additionally, I have set KRB5_CLIENT_KTNAME and KRB5_KTNAME with $HOME/my.keytab and FILE:$HOME/my.keytab, no avail.
Is there any trick to make a client keytab work with kinit and GSS-API init_sec_context?
The MIT Krb5 docs say that the first principal from the keytab is taken and my principal is in the keytab which I have created with ktutil.
I am on RHEL 6.5, Linux <fqdn> 2.6.32-431.5.1.el6.x86_64 #1 SMP Fri Jan 10 14:46:43 EST 2014 x86_64 x86_64 x86_64 GNU/Linux, MIT Kerberos from standard yum repository.
Thanks,
Michael
More information about the Kerberos
mailing list