help with Active Directory Kerberos authentication

Christopher D. Clausen cclausen at
Tue Oct 10 19:26:49 EDT 2006

Russ Allbery <rra at> wrote:
> Rohit Kumar Mehta <rohitm at> writes:
>> debug1: Miscellaneous failure
>> No principal in keytab matches desired name.
>> My krb5.keytab looks like this:
>> nfsv4etch:~# ktutil
>> ktutil:  rkt /etc/krb5.keytab
>> ktutil:  l
>> slot KVNO Principal
>> ---- ----
>> ---------------------------------------------------------------------
>> 1    4 host/ at AD.ENGR.UCONN.EDU
>> Does that look like it's generated properly?
> I've run into this problem before (not with AD, but with MIT
> Kerberos) and haven't been able to figure out what was causing it.
> My theory was some sort of realm configuration mismatch, but I'm not
> at all sure.

What does hostname (or hostname -f) return on your computer?

And then do an IP lookup on that.  If it resolves to a 127.*.*.* address 
its not likely to work.


More information about the Kerberos mailing list