klist failed at client machine.

sam samwun at hgcbroadband.com
Fri May 28 21:43:27 EDT 2004


h.dadgari at comcast.net wrote:
> Check the messages on KDC logfile
> 
> /usr/local/var/krb5kdc/kdc.log 
> 
> Hooshang
> 
> 
> 
>>Hi,
>>
>>I have installed a KDC on a FreeBSD server; the redhat machine acts as a 
>>client. When I execute the command klist on redhat, I get the following 
>>error:
>>
>>root at redhat [11:17pm] [/etc]# klist
>>klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
>>
>>Kerberos 4 ticket cache: /tmp/tkt0
>>klist: You have no tickets cached
>>root at redhat [11:17pm] [/etc]#
>>
>>and kinit failed:
>>root at redhat [11:25pm] [/etc]# kinit
>>kinit(v5): Client not found in Kerberos database while getting initial 
>>credentials
>>
>>
>>Do I need to start the kerberos service on redhat too? It doesn't make sense 
>>to start the kerberos service on redhat, because the redhat is a client.
>>
>>Thanks
>>sam

I looked at the krb5kdc.log file; it has a lot of error messages about 
sam/admin at ROCK.COM not being found in the database:


2004-05-28T22:08:34 UNKNOWN -- sam/admin at ROCK.COM: No such entry in the 
database
2004-05-28T22:08:34 sending 122 bytes to IPv4:192.168.1.1
2004-05-28T22:36:32 AS-REQ root at ROCK.COM from IPv4:192.168.1.91 for 
krbtgt/ROCK.COM at ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root at ROCK.COM: No such entry in the 
database
2004-05-28T22:36:32 sending 119 bytes to IPv4:192.168.1.91
2004-05-28T22:36:32 AS-REQ root at ROCK.COM from IPv4:192.168.1.91 for 
krbtgt/ROCK.COM at ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root at ROCK.COM: No such entry in the 
database
2004-05-28T22:36:32 sending 119 bytes to IPv4:192.168.1.91
2004-05-28T22:44:53 AS-REQ root at ROCK.COM from IPv4:192.168.1.254 for 
krbtgt/ROCK.COM at ROCK.COM

...

The log file also shows that the Kerberos server is started and listening:
2004-05-29T09:18:01 listening on IPv6:::1 port 88/udp
2004-05-29T09:18:01 listening on IPv6:::1 port 88/tcp
2004-05-29T09:18:01 listening on IPv4:192.168.1.1 port 88/udp
2004-05-29T09:18:01 listening on IPv4:192.168.4.1 port 88/udp
2004-05-29T09:18:01 listening on IPv4:127.0.0.1 port 88/udp
2004-05-29T09:18:01 listening on IPv4:192.168.1.1 port 88/tcp
2004-05-29T09:18:01 listening on IPv4:192.168.4.1 port 88/tcp
2004-05-29T09:18:01 listening on IPv4:127.0.0.1 port 88/tcp

But the execution of the klist command failed on the server:
root at fbsd [9:25am] [~]# klist
klist: No ticket file: /tmp/krb5cc_0
root at fbsd [9:37am] [~]#

There is more than one problem now: the first one is 
sam/admin at ROCK.COM or root at ROCK.COM, and the second one is that I 
don't know why klist can't find the ticket.
For the first problem, do I need to make sure sam/root/admin at ROCK.COM 
exist in the network environment, meaning that they must be valid 
email accounts in the network environment?
For the second problem (klist), since I just booted up the machine, I 
guess the kerberos server (fbsd in this case) always cleans up the ticket 
whenever it boots up? I confirmed that I have added an instruction in 
the rc.conf file (clear_tmp_enable="YES") which will automatically clean 
up the /tmp directory whenever the system starts up. But saving the ticket 
file to the /tmp directory does not seem like a good idea to me. How can I 
change the path of the ticket file?

Thanks
sam
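
Added example, not part of the original message: a small Python script that tallies the "No such entry in the database" rejections in a KDC log of the format quoted above, paired with the source address of the preceding AS-REQ. The sample lines are constructed from the ones in the post (wrapped lines rejoined, and the archive's " at " assumed to stand for "@"); the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the KDC log format quoted in the post
# (assumption: " at " in the archive stands for "@"; wrapped lines joined).
SAMPLE_LOG = """\
2004-05-28T22:08:34 UNKNOWN -- sam/admin@ROCK.COM: No such entry in the database
2004-05-28T22:08:34 sending 122 bytes to IPv4:192.168.1.1
2004-05-28T22:36:32 AS-REQ root@ROCK.COM from IPv4:192.168.1.91 for krbtgt/ROCK.COM@ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root@ROCK.COM: No such entry in the database
2004-05-28T22:36:32 sending 119 bytes to IPv4:192.168.1.91
2004-05-28T22:36:32 AS-REQ root@ROCK.COM from IPv4:192.168.1.91 for krbtgt/ROCK.COM@ROCK.COM
2004-05-28T22:36:32 UNKNOWN -- root@ROCK.COM: No such entry in the database
2004-05-28T22:36:32 sending 119 bytes to IPv4:192.168.1.91
"""

AS_REQ = re.compile(r"^(\S+) AS-REQ (\S+) from (\S+) for (\S+)$")
UNKNOWN = re.compile(r"^(\S+) UNKNOWN -- (\S+): No such entry in the database$")


def unknown_principals(log_text):
    """Count (principal, source) pairs the KDC rejected as not in its database."""
    counts = Counter()
    last_source = {}  # principal -> source address of its most recent AS-REQ
    for line in log_text.splitlines():
        line = line.strip()
        m = AS_REQ.match(line)
        if m:
            last_source[m.group(2)] = m.group(3)
            continue
        m = UNKNOWN.match(line)
        if m:
            principal = m.group(2)
            # pop: each AS-REQ line accounts for at most one UNKNOWN line;
            # an UNKNOWN with no AS-REQ before it keeps a placeholder source.
            source = last_source.pop(principal, "source-not-logged")
            counts[(principal, source)] += 1
    return counts


def report(counts):
    """One line per (principal, source), most frequent first."""
    return [f"{n:3d}  {p}  from {s}" for (p, s), n in counts.most_common()]


if __name__ == "__main__":
    print("\n".join(report(unknown_principals(SAMPLE_LOG))))
```

Each principal listed is one the KDC was asked about but has no database entry for; a long list of distinct names from one address is also worth a look as possible principal guessing.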

