Key table entry not found

CJ Keist cjay at
Thu Aug 14 18:22:26 EDT 2003

Thank you for your reply.

On Thursday, August 14, 2003, at 02:50  PM, Wyllys Ingersoll wrote:

> Im not sure what you mean when you say you are running "version  
That was the version of MIT's kerberos I downloaded.

> Are you running the Kerberos code that comes installed with Solaris 9
> by default or did you put MIT kerberos on top of a Solaris 9 system
> and are trying to use MIT Kerberos instead?
Not using what comes with Solaris, I installed the MIT over Solaris's  
kerberos stuff.

> Whose pam_krb5 module are you using - Sun's or an open source version?
Still using whatever came with Solaris pam.conf.

> You *can* put MIT KRB5 on a Solaris 9 system (though the Kerberos that
> comes with S9 is fully compatible with MIT KRB5 and in most cases you
> shouldn't need to install MIT), but you must make sure your $PATH  
> variable
> is configured so that the MIT binaries are used before the Solaris
> binaries.
On the client box I did try to use Solaris kerberos stuff, but was  
unable to get kadmin to talk to my KDC.  Kept giving me a "realm  
missmatch" error.  So I gave up and installed the MIT stuff, that got  
my kadmin to talk to my KDC.

> Example: /usr/local/bin/kinit must be found before /usr/bin/kinit in
> order to use the 3rd party version.
I installed the MIT kerberos right over Solaris's kerberos stuff.

> The Solaris Kerberos code expects the various Kerberos config files
> and keytab files to be kept in /etc/krb5/ instead of just in /etc
> which is where MIT expects to find them.  Try creating softlinks
> from the /etc directory to the various files in /etc/krb5 if you
> are using MIT kerberos.
Did that.  Plust klist -ke does show my keytab file okay.

> ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab
> ln -s /etc/krb5/krb5.conf /etc/krb5.conf
> One other suggestion would be to remove the MIT installation from the
> Solaris 9 systems and use the supported Solaris Kerberos stuff, it
> will eliminate alot of confusion and mismatches like you are seeing.

Looks like I will try that next.  I didn't realize that Solaris 9 had  
kerberos already installed, just assumed I need to get the MIT version  
and install it.

> -Wyllys
> CJ Keist wrote:
>> Hello,
>>     I'm setting up a test KDC running on Solaris 9.  The version I'm   
>> running is  I have successfully installed and setup my KDC   
>> server.  I have tested it out on RH9 and everything is working there,  
>>  as in being authenticated and such.  I'm now trying to get kerberos   
>> authentication to work on another Solaris 9 box.  But am running into  
>>  problems.
>> On the Solaris 9 box I have modified the pam.conf file to kerberos,   
>> copied the krb5.conf file from my kdc and ran kadmin as follows
>> kadmin - admin/admin
>>     : ktadd host/machine_name.domain
>>     : quit
>> When I tried to telnet into the system I got denied, the message in   
>> /var/adm/messages on the client box said something about "Bad   
>> encryption type".  I found on the web to do ktadd the following:
>> kadmin -p admin/admin
>>     : ktremove host/machine_name.domain
>>     : ktadd -e des-cbc-crc:normal host/machine_name.domain
>>     : quit
>> This got rid of the "Bad encryption type" error, but I am now getting  
>>  the following error in the messages file:
>>  "Key table entry not found".   I don't know if this is saying that  
>> its  not finding the machine keytab or my UID on the KDC server?   
>> Does  anyone have any help here?
>> Thanks...

C. J. Keist                     Email: cj.keist at
UNIX/Network Manager            Phone: 970-491-0630
Engineering Network Services    Fax:   970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

All I want is a chance to prove 'Money can't buy happiness'"

More information about the Kerberos mailing list