validating keytab files: Cannot find KDC for requested realm whilegetting initial credentials

Frank Balluffi frank.balluffi at db.com
Tue Oct 26 21:29:02 EDT 2004


Adding "dns_lookup_kdc = true" to the [libdefaults] section of krb5.conf seems to fix the problem.

Frank



                                                                                                                                           
                      "Frank Balluffi"                                                                                                     
                      <frank.balluffi+exter        To:       kerberos at mit.edu                                                              
                      nal at db.com>                  cc:                                                                                     
                      Sent by:                     Subject:  validating keytab files: Cannot find KDC for requested realm                  
                      kerberos-bounces at mit.         whilegetting initial credentials                                                       
                      edu                                                                                                                  
                                                                                                                                           
                                                                                                                                           
                      10/26/2004 04:39 PM                                                                                                  
                                                                                                                                           
                                                                                                                                           




I am able to validate (test) keytab files for service1/host1.us.foo.com at FOO.COM and service2/host2.us.foo.com at FOO.COM using the command "kinit -5 -k -t keytab-file service-principal" from host1.us.foo.com, but when I try to validate a keytab file for service3/host3.au.foo.com at FOO.COM from host1.us.foo.com I get the following error:

kinit(v5): Cannot find KDC for requested realm while getting initial credentials

krb5.conf says:

[realms]
    FOO.COM = {
        kdc = ...foo.com:88
        ...
   }

[domain_realm]
    .foo.com = FOO.COM

Is this behavior expected? Do I need to be "on" a host in .au.foo.com to validate a keytab for service3/host3.au.foo.com at FOO.COM? Thanks.

Frank


--

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.


________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos





--

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.




More information about the Kerberos mailing list