Newbie: "Server not found in Kerberos database"

Thomas A. La Porte tlaporte at anim.dreamworks.com
Tue Mar 15 17:11:40 EST 2005


Michael,

Have a look at the logs on your KDC. You should see the log of 
the failure (it should be an UNKNOWN_SERVER error in the KDC 
log). Something like the following:

Mar 15 13:54:40 kdc krb5kdc[7230](info): TGS_REQ (7 etypes {23 
-133 -128 3 1 24 -135}) x.x.x.x: UNKNOWN_SERVER: authtime 
1110921581,  user at EXAMPLE.COM for krbtgt/example.com at EXAMPLE.COM, Server not found 
in Kerberos database

 -- Tom

Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte at anim.dreamworks.com>          


On 15 Mar 2005, Michael Urban wrote:

>I am still in 'toy installation mode'.  I have set up a KDC
>on a Linux machine, call it kervara.mygroup.org  I have successfully
>set things up to the point that I can kinit from various clients.
>
>I have also set up OpenSSH 3.9p1 to use GSSAPI authentication.
>When I am logged into kervara, and have a valid TGT from this
>realm, I can successfully ssh into kervara.mygroup.org without
>a password; the keytab contains entries for the host/kervara.mygroup.org
>principal.  This is the way things are supposed to work.  Life is good.
>
>The problem comes when I attempt to do the same thing with the same
>version of OpenSSH built with the same options on a Solaris machine.
>In that case, the server logs a "Server not found in Kerberos database"
>message and gives up.  I have looked at all the obvious candidates
>(wrong DNS entry, disagreement as to host name in /etc/hosts and
>DNS, etc) and come up empty.
>
>Unfortunately, the log messages do not tell me _what_ principal it
>was trying to find in krb5.keytab (I assume that this is where
>the mismatch or missing entry is).
>
>Is there a way to squeeze more diagnostic information?  Or does
>this sound like a familiar problem?
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>



More information about the Kerberos mailing list