Key table entry not found
CJ Keist
cjay at engr.colostate.edu
Thu Aug 14 18:22:26 EDT 2003
Thank you for your reply.
On Thursday, August 14, 2003, at 02:50 PM, Wyllys Ingersoll wrote:
>
> Im not sure what you mean when you say you are running "version
> 5.1.3.1".
That was the version of MIT's kerberos I downloaded.
> Are you running the Kerberos code that comes installed with Solaris 9
> by default or did you put MIT kerberos on top of a Solaris 9 system
> and are trying to use MIT Kerberos instead?
>
Not using what comes with Solaris, I installed the MIT over Solaris's
kerberos stuff.
> Whose pam_krb5 module are you using - Sun's or an open source version?
>
Still using whatever came with Solaris pam.conf.
> You *can* put MIT KRB5 on a Solaris 9 system (though the Kerberos that
> comes with S9 is fully compatible with MIT KRB5 and in most cases you
> shouldn't need to install MIT), but you must make sure your $PATH
> variable
> is configured so that the MIT binaries are used before the Solaris
> binaries.
>
On the client box I did try to use Solaris kerberos stuff, but was
unable to get kadmin to talk to my KDC. Kept giving me a "realm
missmatch" error. So I gave up and installed the MIT stuff, that got
my kadmin to talk to my KDC.
> Example: /usr/local/bin/kinit must be found before /usr/bin/kinit in
> order to use the 3rd party version.
>
I installed the MIT kerberos right over Solaris's kerberos stuff.
> The Solaris Kerberos code expects the various Kerberos config files
> and keytab files to be kept in /etc/krb5/ instead of just in /etc
> which is where MIT expects to find them. Try creating softlinks
> from the /etc directory to the various files in /etc/krb5 if you
> are using MIT kerberos.
>
Did that. Plust klist -ke does show my keytab file okay.
> ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab
> ln -s /etc/krb5/krb5.conf /etc/krb5.conf
>
> One other suggestion would be to remove the MIT installation from the
> Solaris 9 systems and use the supported Solaris Kerberos stuff, it
> will eliminate alot of confusion and mismatches like you are seeing.
Looks like I will try that next. I didn't realize that Solaris 9 had
kerberos already installed, just assumed I need to get the MIT version
and install it.
> -Wyllys
>
>
> CJ Keist wrote:
>> Hello,
>> I'm setting up a test KDC running on Solaris 9. The version I'm
>> running is 5.1.3.1. I have successfully installed and setup my KDC
>> server. I have tested it out on RH9 and everything is working there,
>> as in being authenticated and such. I'm now trying to get kerberos
>> authentication to work on another Solaris 9 box. But am running into
>> problems.
>> On the Solaris 9 box I have modified the pam.conf file to kerberos,
>> copied the krb5.conf file from my kdc and ran kadmin as follows
>> kadmin - admin/admin
>> : ktadd host/machine_name.domain
>> : quit
>> When I tried to telnet into the system I got denied, the message in
>> /var/adm/messages on the client box said something about "Bad
>> encryption type". I found on the web to do ktadd the following:
>> kadmin -p admin/admin
>> : ktremove host/machine_name.domain
>> : ktadd -e des-cbc-crc:normal host/machine_name.domain
>> : quit
>> This got rid of the "Bad encryption type" error, but I am now getting
>> the following error in the messages file:
>> "Key table entry not found". I don't know if this is saying that
>> its not finding the machine keytab or my UID on the KDC server?
>> Does anyone have any help here?
>> Thanks...
>>
------------------------------------------------------------------------
---------------------------
C. J. Keist Email: cj.keist at engr.colostate.edu
UNIX/Network Manager Phone: 970-491-0630
Engineering Network Services Fax: 970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness'"
More information about the Kerberos
mailing list