Migrating a Kerberos Realm
Edward Murrell
edward at dlconsulting.com
Wed Nov 22 14:45:48 EST 2006
Ken Hornstein wrote:
>> Now I get a string of errors like this;
>> Nov 22 14:57:55 becks krb5kdc[5216](info): TGS_REQ (7 etypes {18 17 16
>> 23 1 3 2}) 10.37.80.11: PROCESS_TGS: authtime 0, <unknown client> for
>> host/atlas@OFFICE, Key table entry not found
>>
>
> So, here's what would be illuminating:
>
> - Output of "klist" after you run "kinit", but before you try to connect
> to atlas
> - Output of "klist" after you try to connect to atlas.
> - Output of "getprinc" on krbtgt/OFFICE@DLCONSULTING.COM from BOTH kdc's.
>
>
As requested;
edward@black ~ $ kdestroy
edward@black ~ $ kinit -f -a edward@DLCONSULTING.COM
Password for edward@DLCONSULTING.COM:
edward@black ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_1000_jJozf1
Default principal: edward@DLCONSULTING.COM

Valid starting     Expires            Service principal
11/23/06 08:41:23  11/23/06 18:41:23  krbtgt/DLCONSULTING.COM@DLCONSULTING.COM
        renew until 11/24/06 08:41:21

Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
edward@black ~ $ ssh atlas
Password:
edward@black ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_1000_jJozf1
Default principal: edward@DLCONSULTING.COM

Valid starting     Expires            Service principal
11/23/06 08:41:23  11/23/06 18:41:23  krbtgt/DLCONSULTING.COM@DLCONSULTING.COM
        renew until 11/24/06 08:41:21
11/23/06 08:41:32  11/23/06 18:41:23  krbtgt/OFFICE@DLCONSULTING.COM
        renew until 11/24/06 08:41:21

Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
edward@black ~ $
==============
From the DLCONSULTING.COM kdc;
kadmin.local: getprinc krbtgt/OFFICE@DLCONSULTING.COM
Principal: krbtgt/OFFICE@DLCONSULTING.COM
Expiration date: [never]
Last password change: Wed Nov 22 14:44:30 NZDT 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Nov 22 14:44:30 NZDT 2006 (root/admin@DLCONSULTING.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
==============
From the OFFICE kdc;
kadmin: getprinc krbtgt/OFFICE@DLCONSULTING.COM
Principal: krbtgt/OFFICE@DLCONSULTING.COM
Expiration date: [never]
Last password change: Wed Nov 22 14:44:53 NZDT 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Nov 22 14:44:53 NZDT 2006 (edward/admin@OFFICE)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
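
An added example, not part of the original post: the third item requested above compares "getprinc" for the cross-realm principal on both KDCs, and this sketch automates that comparison of key version number and encryption type. The function names and the re-keyed sample are assumptions made for illustration; agreement here is necessary but not sufficient, because "getprinc" does not display the key itself.

```python
import re

def parse_getprinc(text):
    """Extract the principal name and (kvno, enctype/salt) pairs from getprinc output."""
    principal, keys = None, set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Principal:"):
            principal = line.split(":", 1)[1].strip()
        m = re.match(r"Key: vno (\d+), (.+)$", line)
        if m:
            keys.add((int(m.group(1)), m.group(2).strip()))
    return principal, keys

def compare_trust_keys(first, second):
    """Return a list of differences; an empty list means kvno and enctype agree."""
    (p1, k1), (p2, k2) = parse_getprinc(first), parse_getprinc(second)
    problems = []
    if p1 != p2:
        problems.append(f"principal differs: {p1} vs {p2}")
    for vno, desc in sorted(k1 - k2):
        problems.append(f"only on first KDC: vno {vno}, {desc}")
    for vno, desc in sorted(k2 - k1):
        problems.append(f"only on second KDC: vno {vno}, {desc}")
    return problems

# Abridged from the two getprinc outputs in the post above.
DLCONSULTING_KDC = """\
Principal: krbtgt/OFFICE@DLCONSULTING.COM
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
"""
OFFICE_KDC = """\
Principal: krbtgt/OFFICE@DLCONSULTING.COM
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
"""
# Constructed sample (not from the post): one side re-keyed, so its kvno moved on.
REKEYED_CONSTRUCTED = OFFICE_KDC.replace("vno 1,", "vno 2,")

if __name__ == "__main__":
    print(compare_trust_keys(DLCONSULTING_KDC, OFFICE_KDC) or "kvno/enctype agree")
    for problem in compare_trust_keys(DLCONSULTING_KDC, REKEYED_CONSTRUCTED):
        print(problem)
```

For the two outputs in this post the comparison comes back empty, so a difference between the realms would have to lie in the key material itself, which this check cannot see.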