Newbie: "Server not found in Kerberos database"
Thomas A. La Porte
tlaporte at anim.dreamworks.com
Tue Mar 15 17:11:40 EST 2005
Michael,
Have a look at the logs on your KDC. You should see the log of
the failure (it should be an UNKNOWN_SERVER error in the KDC
log). Something like the following:
    Mar 15 13:54:40 kdc krb5kdc[7230](info): TGS_REQ (7 etypes {23
    -133 -128 3 1 24 -135}) x.x.x.x: UNKNOWN_SERVER: authtime
    1110921581, user@EXAMPLE.COM for krbtgt/example.com@EXAMPLE.COM,
    Server not found in Kerberos database
-- Tom
Thomas A. La Porte, DreamWorks SKG
<mailto:tlaporte at anim.dreamworks.com>
On 15 Mar 2005, Michael Urban wrote:
>I am still in 'toy installation mode'. I have set up a KDC
>on a Linux machine, call it kervara.mygroup.org. I have successfully
>set things up to the point that I can kinit from various clients.
>
>I have also set up OpenSSH 3.9p1 to use GSSAPI authentication.
>When I am logged into kervara, and have a valid TGT from this
>realm, I can successfully ssh into kervara.mygroup.org without
>a password; the keytab contains entries for the host/kervara.mygroup.org
>principal. This is the way things are supposed to work. Life is good.
>
>The problem comes when I attempt to do the same thing with the same
>version of OpenSSH built with the same options on a Solaris machine.
>In that case, the server logs a "Server not found in Kerberos database"
>message and gives up. I have looked at all the obvious candidates
>(wrong DNS entry, disagreement as to host name in /etc/hosts and
>DNS, etc.) and come up empty.
>
>Unfortunately, the log messages do not tell me _what_ principal it
>was trying to find in krb5.keytab (I assume that this is where
>the mismatch or missing entry is).
>
>Is there a way to squeeze more diagnostic information? Or does
>this sound like a familiar problem?
>
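The KDC log check suggested in the reply above, as an added example that is not part of the original thread: it pulls the requested service principal out of UNKNOWN_SERVER lines and compares it with the principals the KDC actually holds. The log lines, addresses, host names and principal list are constructed samples, and the function names are hypothetical.

```python
import re

# Matches the krb5kdc request-line layout shown in the reply above.
KDC_LINE = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<req>AS_REQ|TGS_REQ) \(.*?\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): authtime \d+, (?:etypes \{[^}]*\}, )?"
    r"(?P<client>\S+) for (?P<server>[^,\s]+)"
)

def unknown_servers(lines):
    """Return (client address, client principal, requested service) per failure."""
    out = []
    for line in lines:
        m = KDC_LINE.search(line)
        if m and m["status"] == "UNKNOWN_SERVER":
            out.append((m["addr"], m["client"], m["server"]))
    return out

def near_misses(requested, known):
    """Known principals for the same service whose host differs from the
    requested one only by letter case or by a missing/extra domain part."""
    def parts(principal):
        name, _, _realm = principal.partition("@")
        svc, _, host = name.partition("/")
        return svc, host.lower().split(".")[0]
    want = parts(requested)
    return [k for k in known if k != requested and parts(k) == want]

# Constructed sample data (not taken from the thread).
ETYPES = "(7 etypes {23 -133 -128 3 1 24 -135})"
SAMPLE_LOG = [
    f"Mar 15 13:54:40 kdc krb5kdc[7230](info): TGS_REQ {ETYPES} 192.0.2.10: "
    "UNKNOWN_SERVER: authtime 1110921581, user@EXAMPLE.COM for "
    "host/solbox@EXAMPLE.COM, Server not found in Kerberos database",
    f"Mar 15 13:55:02 kdc krb5kdc[7230](info): TGS_REQ {ETYPES} 192.0.2.10: "
    "ISSUE: authtime 1110921581, etypes {rep=23 tkt=16 ses=23}, "
    "user@EXAMPLE.COM for host/kervara.example.com@EXAMPLE.COM",
    f"Mar 15 13:56:11 kdc krb5kdc[7230](info): TGS_REQ {ETYPES} 192.0.2.11: "
    "UNKNOWN_SERVER: authtime 1110921581, user@EXAMPLE.COM for "
    "host/SolBox.example.com@EXAMPLE.COM, Server not found in Kerberos database",
]
KNOWN = ["host/kervara.example.com@EXAMPLE.COM",
         "host/solbox.example.com@EXAMPLE.COM"]

if __name__ == "__main__":
    for addr, client, server in unknown_servers(SAMPLE_LOG):
        print(f"{addr} {client} asked for {server}; "
              f"closest known: {near_misses(server, KNOWN) or 'none'}")
```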