Extract Keytab Remotely, Key table entry not found

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Apr 15 12:41:07 EDT 2004


>Since "kadmin" doesn't support  cross realm authentication, I cannot 
>extract a keytab locally: "Ideally, you should extract each keytab 
>locally ... If this is not feasible, you should use an encrypted 
>session to send them across the network." How does one use an encrypted 
>session to send a keytab across the network?

You use your favorite file transfer utility, and you turn on encryption?
E.g., krcp -x, Kerberos ftp by using the "private" command ... you
get the idea.

>I've tried extracting a keytab using "kadmin.local", then using "scp" 
>to send it to the appropriate machine. Unfortunately, I've encounter 
>errors: "Key table entry not found" I only encounter this error on 
>machines whose keytabs I haven't locally extracted - I suspect the two 
>are related?

You've placed the keytab in the appropriate location?  (usually
/etc/krb5.keytab)  Does the kvno in the keytab match the one in the KDC?
Did you try re-running kinit and then connecting again?

--Ken


More information about the Kerberos mailing list