Key table entry not found
wyllys.ingersoll at sun.com
Thu Aug 14 16:50:25 EDT 2003
Im not sure what you mean when you say you are running "version 184.108.40.206".
Are you running the Kerberos code that comes installed with Solaris 9
by default or did you put MIT kerberos on top of a Solaris 9 system
and are trying to use MIT Kerberos instead?
Whose pam_krb5 module are you using - Sun's or an open source version?
You *can* put MIT KRB5 on a Solaris 9 system (though the Kerberos that
comes with S9 is fully compatible with MIT KRB5 and in most cases you
shouldn't need to install MIT), but you must make sure your $PATH variable
is configured so that the MIT binaries are used before the Solaris
Example: /usr/local/bin/kinit must be found before /usr/bin/kinit in
order to use the 3rd party version.
The Solaris Kerberos code expects the various Kerberos config files
and keytab files to be kept in /etc/krb5/ instead of just in /etc
which is where MIT expects to find them. Try creating softlinks
from the /etc directory to the various files in /etc/krb5 if you
are using MIT kerberos.
ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab
ln -s /etc/krb5/krb5.conf /etc/krb5.conf
One other suggestion would be to remove the MIT installation from the
Solaris 9 systems and use the supported Solaris Kerberos stuff, it
will eliminate alot of confusion and mismatches like you are seeing.
CJ Keist wrote:
> I'm setting up a test KDC running on Solaris 9. The version I'm
> running is 220.127.116.11. I have successfully installed and setup my KDC
> server. I have tested it out on RH9 and everything is working there,
> as in being authenticated and such. I'm now trying to get kerberos
> authentication to work on another Solaris 9 box. But am running into
> On the Solaris 9 box I have modified the pam.conf file to kerberos,
> copied the krb5.conf file from my kdc and ran kadmin as follows
> kadmin - admin/admin
> : ktadd host/machine_name.domain
> : quit
> When I tried to telnet into the system I got denied, the message in
> /var/adm/messages on the client box said something about "Bad
> encryption type". I found on the web to do ktadd the following:
> kadmin -p admin/admin
> : ktremove host/machine_name.domain
> : ktadd -e des-cbc-crc:normal host/machine_name.domain
> : quit
> This got rid of the "Bad encryption type" error, but I am now getting
> the following error in the messages file:
> "Key table entry not found". I don't know if this is saying that its
> not finding the machine keytab or my UID on the KDC server? Does
> anyone have any help here?
More information about the Kerberos