Key table entry not found

Wyllys Ingersoll wyllys.ingersoll at sun.com
Thu Aug 14 16:50:25 EDT 2003


I'm not sure what you mean when you say you are running "version 5.1.3.1".

Are you running the Kerberos code that comes installed with Solaris 9
by default or did you put MIT kerberos on top of a Solaris 9 system
and are trying to use MIT Kerberos instead?

Whose pam_krb5 module are you using - Sun's or an open source version?

You *can* put MIT KRB5 on a Solaris 9 system (though the Kerberos that
comes with S9 is fully compatible with MIT KRB5 and in most cases you
shouldn't need to install MIT), but you must make sure your $PATH variable
is configured so that the MIT binaries are used before the Solaris
binaries.

Example: /usr/local/bin/kinit must be found before /usr/bin/kinit in
order to use the 3rd party version.

The Solaris Kerberos code expects the various Kerberos config files
and keytab files to be kept in /etc/krb5/ instead of just in /etc
which is where MIT expects to find them.  Try creating softlinks
from the /etc directory to the various files in /etc/krb5 if you
are using MIT kerberos.

ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab
ln -s /etc/krb5/krb5.conf /etc/krb5.conf

One other suggestion would be to remove the MIT installation from the
Solaris 9 systems and use the supported Solaris Kerberos stuff; it
will eliminate a lot of confusion and mismatches like you are seeing.

-Wyllys


CJ Keist wrote:
> Hello,
>     I'm setting up a test KDC running on Solaris 9.  The version I'm  
> running is 5.1.3.1.  I have successfully installed and set up my KDC  
> server.  I have tested it out on RH9 and everything is working there,  
> as in being authenticated and such.  I'm now trying to get kerberos  
> authentication to work on another Solaris 9 box.  But am running into  
> problems.
> On the Solaris 9 box I have modified the pam.conf file to kerberos,  
> copied the krb5.conf file from my kdc and ran kadmin as follows
> 
> kadmin - admin/admin
>     : ktadd host/machine_name.domain
>     : quit
> 
> When I tried to telnet into the system I got denied, the message in  
> /var/adm/messages on the client box said something about "Bad  
> encryption type".  I found on the web to do ktadd the following:
> 
> kadmin -p admin/admin
>     : ktremove host/machine_name.domain
>     : ktadd -e des-cbc-crc:normal host/machine_name.domain
>     : quit
> 
> This got rid of the "Bad encryption type" error, but I am now getting  
> the following error in the messages file:
>  "Key table entry not found".   I don't know if this is saying that it's  
> not finding the machine keytab or my UID on the KDC server?  Does  
> anyone have any help here?
> 
> Thanks...
> 
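
The two checks from the reply above, as an added shell example that is not part of the original thread or of Sun's or MIT's code: which kinit the PATH resolves first, and linking the Solaris /etc/krb5 files into /etc. The function names and the root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example. Function names and the root-prefix argument are hypothetical.

# Print the first executable called $1 in the colon-separated list $2.
# The body is a subshell, so the IFS change does not leak to the caller.
first_in_path() (
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# Link the Solaris files under $1/etc/krb5 into $1/etc, where MIT looks.
# $1 is a root prefix: empty for the live system, a scratch dir for a dry run.
# Existing files are never overwritten; returns 1 if a source file is missing.
link_krb5_files() {
    rc=0
    for f in krb5.conf krb5.keytab; do
        src=$1/etc/krb5/$f
        dst=$1/etc/$f
        if [ ! -e "$src" ]; then
            echo "missing: $src" >&2
            rc=1
        elif [ -e "$dst" ] || [ -L "$dst" ]; then
            echo "left alone: $dst" >&2
        else
            ln -s "$src" "$dst" && echo "linked: $dst -> $src"
        fi
    done
    return $rc
}

# Report which kinit an unqualified "kinit" would run for this user.
first_in_path kinit "$PATH" || echo "kinit: not found in PATH"
```

Because these are symlinks, there is still only one keytab, and the ownership and mode of /etc/krb5/krb5.keytab continue to govern who can read the host key.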


