Using keytab on Windows with KfW
Christopher D. Clausen
cclausen at acm.org
Sun Aug 12 13:26:11 EDT 2007
Markus Moeller <huaraz at moeller.plus.com> wrote:
> I am trying to use a keytab on Windows with KfW 3.2, but get always
> an error "Key table entry not found while getting initial
> credentials". The account works interactively and if I use the keytab
> on Unix it works fine too.
> Is this a known problem ?
>
> Markus
>
> D:\>"c:\Program Files\mit\Kerberos\bin\klist.exe" -ekt mmn.keytab
> Keytab name: FILE:mmn.keytab
> KVNO Timestamp Principal
> ---- -----------------
> -------------------------------------------------------- 1 08/12/07
> 17:37:59 markus at SUSE.HOME (ArcFour with HMAC/md5)
>
> D:\>"c:\Program Files\mit\Kerberos\bin\kinit.exe" -kt mmn.keytab
> markus at SUSE.HOME
> kinit.exe(v5): Key table entry not found while getting initial
> credentials
Works for me with a keytab from an MIT realm. What Kerberos version /
flavor is running on your KDC? Could it be a problem with supported
enc_types? What does your krb5.conf look like?
C:\>which -a kinit
C:\Program Files\MIT\Kerberos\bin\kinit.exe
C:\>filever "C:\Program Files\MIT\Kerberos\bin\kinit.exe"
--a-- W32i APP ENU 3.2.0.7005 shp 47,616 05-03-2007 kinit.exe
C:\>klist -kt krb5.keytab
Keytab name: FILE:krb5.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
C:\>kinit -kt krb5.keytab bak-email at ILLIGAL.UIUC.EDU
C:\>klist
Default principal: bak-email at ILLIGAL.UIUC.EDU
Valid starting Expires Service principal
08/12/07 12:18:03 08/12/07 22:18:00
krbtgt/ILLIGAL.UIUC.EDU at ILLIGAL.UIUC.EDU
<<CDC
More information about the Kerberos
mailing list