Key table entry not found

Jeffrey Altman jaltman2 at nyc.rr.com
Sat Apr 17 10:54:45 EDT 2004


What does "hostname" say the machine name is?


ms419 at freezone.co.uk wrote:
> Thanks for the suggestions ... I thought it might be the kvno - but I 
> checked:
> ---
> kadmin.local:  getprinc host/kas.ruz.lat
> Principal: host/kas.ruz.lat at RUZ.LAT
> Expiration date: [never]
> Last password change: Sat Apr 10 01:05:38 PDT 2004
> Password expiration date: [none]
> Maximum ticket life: 0 days 10:00:00
> Maximum renewable life: 7 days 00:00:00
> Last modified: Sat Apr 10 01:05:38 PDT 2004 (root/admin at RUZ.LAT)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 2
> Key: vno 8, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 8, DES cbc mode with CRC-32, no salt
> Attributes:
> Policy: [none]
> ---
> kas:~# ktutil
> ktutil:  rkt /etc/krb5.keytab
> ktutil:  list
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
>    1    8                 host/kas.ruz.lat at RUZ.LAT
>    2    8                 host/kas.ruz.lat at RUZ.LAT
> ---
> I triple checked: "kinit" on kas works. I can SSH using GSSAPI *from* 
> kas *to* any machine. But I can't connect from any machine to kas using 
> GSSAPI authentication. Depending on the service, I usually encounter: 
> "Key table entry not found".
> 
> Again, DNS checks out:
> ---
> kas:~> host kas
> kas.ruz.lat has address 192.168.179.9
> kas:~> host 192.168.179.9
> 9.179.168.192.in-addr.arpa domain name pointer kas.ruz.lat.
> ---
> What else could it be?
> 
> Thanks again!
> 
> Jack
> 
> On Apr 15, 2004, at 9:41 AM, Ken Hornstein wrote:
> 
>>> Since "kadmin" doesn't support cross realm authentication, I cannot
>>> extract a keytab locally: "Ideally, you should extract each keytab
>>> locally ... If this is not feasible, you should use an encrypted
>>> session to send them across the network." How does one use an encrypted
>>> session to send a keytab across the network?
>>
>>
>> You use your favorite file transfer utility, and you turn on encryption?
>> E.g., krcp -x, Kerberos ftp by using the "private" command ... you
>> get the idea.
>>
>>> I've tried extracting a keytab using "kadmin.local", then using "scp"
>>> to send it to the appropriate machine. Unfortunately, I've encountered
>>> errors: "Key table entry not found". I only encounter this error on
>>> machines whose keytabs I haven't locally extracted - I suspect the two
>>> are related?
>>
>>
>> You've placed the keytab in the appropriate location?  (usually
>> /etc/krb5.keytab)  Does the kvno in the keytab match the one in the KDC?
>> Did you try re-running kinit and then connecting again?
>>
>> --Ken
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>
> 

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
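
The checks raised in this thread (keytab principal, kvno, and what `hostname` reports), combined into one added Python example; it is not code from any poster in the thread. It assumes the accepting service names its principal after the local hostname, and `parse_ktutil_list`, `check_host_key` and their parameters are hypothetical names.

```python
import re

# Sample input: the ktutil listing quoted in the thread. The list archive
# rewrites "@" as " at ", so the parser accepts both forms.
KTUTIL_LIST = """\
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    8                 host/kas.ruz.lat at RUZ.LAT
   2    8                 host/kas.ruz.lat at RUZ.LAT
"""

def parse_ktutil_list(text):
    """Return a set of (principal, kvno) pairs from `ktutil: list` output."""
    entries = set()
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+(\d+)\s+(\S+?)(?:@| at )(\S+)\s*$", line)
        if m:
            kvno, name, realm = m.groups()
            entries.add((f"{name}@{realm}", int(kvno)))
    return entries

def check_host_key(hostname, realm, kdc_kvno, entries, service="host"):
    """Report why a lookup for service/hostname@realm could miss the keytab.

    Assumption: the acceptor builds its principal from `hostname`.
    Returns a list of findings; an empty list means the entry is present.
    """
    wanted = f"{service}/{hostname.lower()}@{realm}"
    kvnos = sorted(k for p, k in entries if p == wanted)
    findings = []
    if not kvnos:
        have = sorted({p for p, _ in entries})
        findings.append(f"no keytab entry for {wanted}; keytab has {have}")
        if "." not in hostname:
            findings.append("hostname is not fully qualified")
    elif kdc_kvno not in kvnos:
        findings.append(f"{wanted}: keytab kvno {kvnos} != KDC kvno {kdc_kvno}")
    return findings

if __name__ == "__main__":
    entries = parse_ktutil_list(KTUTIL_LIST)
    # "kas" is a constructed short-hostname case; kvno 8 is from getprinc above.
    for name in ("kas.ruz.lat", "kas"):
        print(name, "->", check_host_key(name, "RUZ.LAT", 8, entries) or "OK")
```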

