Cannot resolve network address for KDC in requested realm while getting initial credentials
Donn Cave
donn at u.washington.edu
Fri Jan 21 12:17:12 EST 2005
In article <1106262399.697619.93400 at f14g2000cwb.googlegroups.com>,
David.Moor at oracle.com wrote:
> kinit test
> Password for test at host.COM:
...
> However, I can't kinit using this keytab file:
>
> [root at host/var/kerberos/krb5kdc]$ kinit -k kadm5test
> kinit(v5): Cannot resolve network address for KDC in requested realm
> while getting initial credentials
In the course of this message you don't show the same
realm twice, for a total of four different realms
(host.COM is not the same realm as HOST.COM.) If that's
really the case, I believe it could account for the error
shown above. You may find some details on this in the
KDC syslog.
The kadmin function that populates a keytab does create
a new key version, so the old one is no longer valid for
new ticket requests. That's normally a feature. If you
want to store the key for a typeable password in a keytab,
I believe you can use ktutil for this.
Donn Cave, donn at u.washington.edu
> klist shows:
>
> [root at bde-idm3 /var/kerberos/krb5kdc]$ klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: test at BDE-IDM3.US.ORACLE.COM
>
> Valid starting Expires Service principal
> 01/20/05 14:53:59 01/21/05 00:53:59 krbtgt/HOST.COM at HOST.COM
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> A secondary problem is now the password seems to have been changed
> after creating the keytab, and I can no longer kinit (without the
> keytab):
>
> [root at host /var/kerberos/krb5kdc]$ kinit test
> Password for test at host.US.ORACLE.COM:
> kinit(v5): Password incorrect while getting initial credentials
>
> For testing purposes I'm using my hostname as my realm name. I've
> tried logging in as root and as test, but get the same result.
>
More information about the Kerberos
mailing list