Extract Keytab Remotely, Key table entry not found

ms419@freezone.co.uk ms419 at freezone.co.uk
Thu Apr 15 04:33:32 EDT 2004


Since "kadmin" doesn't support  cross realm authentication, I cannot 
extract a keytab locally: "Ideally, you should extract each keytab 
locally ... If this is not feasible, you should use an encrypted 
session to send them across the network." How does one use an encrypted 
session to send a keytab across the network?

I've tried extracting a keytab using "kadmin.local", then using "scp" 
to send it to the appropriate machine. Unfortunately, I've encounter 
errors: "Key table entry not found" I only encounter this error on 
machines whose keytabs I haven't locally extracted - I suspect the two 
are related?

I verified DNS is OK. I can use "kinit" to obtain a ticket, but "sshd" 
won't authenticate using GSSAPI. Apache negotiate authentication is 
also broken.

Jack

On Apr 4, 2004, at 5:49 PM, Sam Hartman wrote:

> You cannot use cross realm auth for kadmin.



More information about the Kerberos mailing list