Extract Keytab Remotely, Key table entry not found
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Apr 15 12:41:07 EDT 2004
>Since "kadmin" doesn't support cross realm authentication, I cannot
>extract a keytab locally: "Ideally, you should extract each keytab
>locally ... If this is not feasible, you should use an encrypted
>session to send them across the network." How does one use an encrypted
>session to send a keytab across the network?
You use your favorite file transfer utility, and you turn on encryption?
E.g., krcp -x, Kerberos ftp by using the "private" command ... you
get the idea.
>I've tried extracting a keytab using "kadmin.local", then using "scp"
>to send it to the appropriate machine. Unfortunately, I've encounter
>errors: "Key table entry not found" I only encounter this error on
>machines whose keytabs I haven't locally extracted - I suspect the two
>are related?
You've placed the keytab in the appropriate location? (usually
/etc/krb5.keytab) Does the kvno in the keytab match the one in the KDC?
Did you try re-running kinit and then connecting again?
--Ken
More information about the Kerberos
mailing list