Key table entry not found

ms419@freezone.co.uk ms419 at freezone.co.uk
Sat Apr 17 03:45:14 EDT 2004


Thanks for the suggestions ... I thought it might be the kvno - but I 
checked:
---
kadmin.local:  getprinc host/kas.ruz.lat
Principal: host/kas.ruz.lat at RUZ.LAT
Expiration date: [never]
Last password change: Sat Apr 10 01:05:38 PDT 2004
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Sat Apr 10 01:05:38 PDT 2004 (root/admin at RUZ.LAT)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 8, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 8, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
---
kas:~# ktutil
ktutil:  rkt /etc/krb5.keytab
ktutil:  list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
    1    8                 host/kas.ruz.lat at RUZ.LAT
    2    8                 host/kas.ruz.lat at RUZ.LAT
---
I triple checked: "kinit" on kas works. I can SSH using GSSAPI *from* 
kas *to* any machine. But I can't connect from any machine to kas using 
GSSAPI authentication. Depending on the service, I usually encounter: 
"Key table entry not found".

Again, DNS checks out:
---
kas:~> host kas
kas.ruz.lat has address 192.168.179.9
kas:~> host 192.168.179.9
9.179.168.192.in-addr.arpa domain name pointer kas.ruz.lat.
---
What else could it be?

Thanks again!

Jack

On Apr 15, 2004, at 9:41 AM, Ken Hornstein wrote:

>> Since "kadmin" doesn't support cross realm authentication, I cannot
>> extract a keytab locally: "Ideally, you should extract each keytab
>> locally ... If this is not feasible, you should use an encrypted
>> session to send them across the network." How does one use an
>> encrypted session to send a keytab across the network?
>
> You use your favorite file transfer utility, and you turn on
> encryption? E.g., krcp -x, Kerberos ftp by using the "private"
> command ... you get the idea.
>
>> I've tried extracting a keytab using "kadmin.local", then using "scp"
>> to send it to the appropriate machine. Unfortunately, I've encountered
>> errors: "Key table entry not found". I only encounter this error on
>> machines whose keytabs I haven't locally extracted - I suspect the two
>> are related?
>
> You've placed the keytab in the appropriate location?  (usually
> /etc/krb5.keytab)  Does the kvno in the keytab match the one in the
> KDC? Did you try re-running kinit and then connecting again?
>
> --Ken
>
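
The `ktutil list` output in the message above shows slot, KVNO and principal for each key, but not its encryption type. As an added example (not part of the original thread), the Python below parses the MIT keytab file format 0x0502 and reports which field of a (principal, kvno, enctype) lookup has no match. The function names and the sample bytes are constructed for illustration; enctype numbers 16 (des3-cbc-sha1) and 1 (des-cbc-crc) correspond to the two key types in the `getprinc` output.

```python
import struct

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each entry of a format 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        size = struct.unpack_from(">i", data, pos)[0]
        rec, off = data[pos + 4:pos + 4 + abs(size)], 2
        pos += 4 + abs(size)
        if size <= 0:                      # negative size marks a deleted slot
            continue
        def counted():                     # 16-bit length, then that many bytes
            nonlocal off
            n = struct.unpack_from(">H", rec, off)[0]
            off += 2 + n
            return rec[off - n:off].decode()
        ncomp = struct.unpack_from(">H", rec)[0]
        realm = counted()
        name = "/".join(counted() for _ in range(ncomp))
        kvno = rec[off + 8]                # after 4-byte name type and 4-byte timestamp
        enctype, keylen = struct.unpack_from(">HH", rec, off + 9)
        off += 13 + keylen
        if len(rec) - off >= 4:            # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append((f"{name}@{realm}", kvno, enctype))
    return entries

def explain_lookup(entries, principal, kvno, enctype):
    """Report which field of a (principal, kvno, enctype) lookup has no match."""
    if (principal, kvno, enctype) in entries:
        return "found"
    kvnos = {k for p, k, _ in entries if p == principal}
    if kvno in kvnos:
        return "enctype mismatch"
    return "kvno mismatch" if kvnos else "no entry for principal"

def build_entry(realm, comps, kvno, enctype, key):
    """Build one keytab record (constructed sample data with a dummy key)."""
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample mirroring the ktutil listing: two kvno 8 keys, enctypes 16 and 1.
SAMPLE = b"\x05\x02" + b"".join(
    build_entry("RUZ.LAT", ["host", "kas.ruz.lat"], 8, et, bytes(n))
    for et, n in ((16, 24), (1, 8)))
```

To run it against a real file, pass `open("/etc/krb5.keytab", "rb").read()` to `parse_keytab`; the principal string must match exactly, including the realm.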