Solaris using Kerberos

Jeffrey Hutzelman jhutz at
Tue Dec 7 20:00:26 EST 2004

On Tuesday, December 07, 2004 16:26:39 -0600 David A Flores 
<David.A.Flores at> wrote:

> Help anyone,
> We are using a Windows domain controller as a KDC and we are trying to
> authenticate a Solaris 9.0 OS box using Kerberos.  The following is the
> command we use to create the keytab file:
> ktpass -princ host/ at UTHSCU.EDU -mapuser dean19 -pass *
> -out c:\dean19.keytab
> Once we create the keytab file we send it to the sever via ssh.  Attached
> are the pam.conf file and the krb5.conf that we configured.  One the
> computer called dean19 we ran the ktutil
> rkt /etc/krb5/dean.keytab
> wkt /etc/krb5/krb5.keytab

Why are you doing this, instead of just renaming the file?

> After the rkt and the wkt commands we do a list and it shows a "slot KVNO
> Principal"

You haven't quoted the whole output, so I can't be sure, but I think what 
you are describing here is the output you get when there are _no_ keys in 
the keytab -- the text you quoted is the column headers.

> But when we try to login to the box we get the following error.
> Dec  7 16:27:38 dean19 login: [ID 537602 auth.error] PAM-KRB5 (auth):
> krb5_verify_init_creds failed: Key table entry not found

This is consistent with the key service key not being in the keytab.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

More information about the Kerberos mailing list