Cannot resolve network address for KDC in requested realm while getting initial credentials

Donn Cave donn at u.washington.edu
Fri Jan 21 12:17:12 EST 2005


In article <1106262399.697619.93400 at f14g2000cwb.googlegroups.com>,
 David.Moor at oracle.com wrote:

> kinit test
> Password for test at host.COM:
...
> However, I can't kinit using this keytab file:
> 
> [root at host/var/kerberos/krb5kdc]$ kinit -k kadm5test
> kinit(v5): Cannot resolve network address for KDC in requested realm
> while getting initial credentials

In the course of this message you don't show the same
realm twice, for a total of four different realms
(host.COM is not the same realm as HOST.COM.)  If that's
really the case, I believe it could account for the error
shown above.  You may find some details on this in the
KDC syslog.

The kadmin function that populates a keytab does create
a new key version, so the old one is no longer valid for
new ticket requests.  That's normally a feature.  If you
want to store the key for a typeable password in a keytab,
I believe you can use ktutil for this.

   Donn Cave, donn at u.washington.edu

> klist shows:
> 
> [root at bde-idm3 /var/kerberos/krb5kdc]$ klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: test at BDE-IDM3.US.ORACLE.COM
> 
> Valid starting     Expires            Service principal
> 01/20/05 14:53:59  01/21/05 00:53:59      krbtgt/HOST.COM at HOST.COM
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> 
> A secondary problem is now the password seems to have been changed
> after creating the keytab, and I can no longer kinit (without the
> keytab):
> 
> [root at host /var/kerberos/krb5kdc]$ kinit test
> Password for test at host.US.ORACLE.COM:
> kinit(v5): Password incorrect while getting initial credentials
> 
> For testing purposes I'm using my hostname as my realm name.  I've
> tried logging in as root and as test, but get the same result.
>


More information about the Kerberos mailing list