kinit error

Klaas Hagemann kerberos at northsailor.de
Thu Mar 13 07:09:10 EST 2003 

Chee Leong Dew schrieb:
> Hi Klass,
> 
> Sorry for interrrupting u again, but I really need helps from forum to
> solved my problem here. Sorry again for the interruption.

np, that's for what mailing lists are for.

> 
> I used klist; it show :
> 
> -----------------------------------------------------------------------
> [root at client8 sbin]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: root/admin at CLIENT8.MYTESQ.COM
> 
> Valid starting     Expires            Service principal
> 03/12/03 17:47:46  03/13/03 03:47:46 
> krbtgt/CLIENT8.MYTESQ.COM at CLIENT8.MYTESQ.COM

So you already have a tgt..... it will expire at 03:47.
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> -----------------------------------------------------------------------
> 
> 
> Then I used kinit to obtain TGT for root/admin:
> -----------------------------------------------------------------------
> [root at client8 sbin]# kinit -V root/admin
> Password for root/admin at CLIENT8.MYTESQ.COM:
> Authenticated to Kerberos v5
> -----------------------------------------------------------------------
> 
> Then i used klist again :
> -----------------------------------------------------------------------
> [root at client8 sbin]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: root/admin at CLIENT8.MYTESQ.COM
> 
> Valid starting     Expires            Service principal
> 03/13/03 09:06:07  03/13/03 19:06:07 
> krbtgt/CLIENT8.MYTESQ.COM at CLIENT8.MYTESQ.COM

So you got a new ticket expiring at 19:06:07.

> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> -----------------------------------------------------------------------
> 
>>From the output, I didn't see any new entry is added in.Something like :
>  
> Valid starting     Expires            Service principal
> 03/13/03 09:06:07  03/13/03 19:06:07
> root/admin/CLIENT8.MYTESQ.COM at CLIENT8.MYTESQ.COM
> 
> It is suppose to show a new entry to indicate that a nre TGT is assigned
> to principal root/admin ? ?

You can only hold one tgt at once. So if you alreade have a ticket, the 
old one is destroyed and replaced by the new one.

> 
> Actually I am facing problem with JAAS-GSSAPI on this. I try to obtain
> th TGT from Kerberos so that I can implement single -sign on the client
> side. 

Ok, normally you get the tgt during login-session on the operating 
system. The application itsselfs need to use this tgt to obtain a 
service ticket.
Normally that is the job of the application, but you can design it as 
you want to have it of course.

> 
> Regards,CL

Klaas

> 
> 


> 
> 
>

More information about the Kerberos mailing list