help with Active Directory Kerberos authentication

Russ Allbery rra at
Tue Oct 10 19:11:28 EDT 2006

Rohit Kumar Mehta <rohitm at> writes:

> Thanks Russ, I think you might have found something.
> I did the command you suggested ssh -ddd 2>/tmp/err.txt
> and found an interesting message in the long file it created.

> 	debug1: Miscellaneous failure
> 	No principal in keytab matches desired name.

> My krb5.keytab looks like this:
> 	nfsv4etch:~# ktutil
> 	ktutil:  rkt /etc/krb5.keytab
> 	ktutil:  l
> 	slot KVNO Principal
> 	---- ----
> ---------------------------------------------------------------------
> 	1    4 host/ at AD.ENGR.UCONN.EDU

> Does that look like it's generated properly?

I've run into this problem before (not with AD, but with MIT Kerberos) and
haven't been able to figure out what was causing it.  My theory was some
sort of realm configuration mismatch, but I'm not at all sure.

Russ Allbery (rra at             <>

More information about the Kerberos mailing list