Using keytab on Windows with KfW

Christopher D. Clausen cclausen at acm.org
Sun Aug 12 13:26:11 EDT 2007


Markus Moeller <huaraz at moeller.plus.com> wrote:
> I am trying to use a keytab on Windows with KfW 3.2, but get always
> an error "Key table entry not found while getting initial
> credentials". The account works interactively and if I use the keytab
> on Unix it works fine too.
> Is this a known problem ?
>
> Markus
>
> D:\>"c:\Program Files\mit\Kerberos\bin\klist.exe" -ekt mmn.keytab
> Keytab name: FILE:mmn.keytab
> KVNO Timestamp         Principal
> ---- -----------------
>   -------------------------------------------------------- 1 08/12/07
> 17:37:59 markus at SUSE.HOME (ArcFour with HMAC/md5)
>
> D:\>"c:\Program Files\mit\Kerberos\bin\kinit.exe" -kt mmn.keytab
> markus at SUSE.HOME
> kinit.exe(v5): Key table entry not found while getting initial
> credentials

Works for me with a keytab from an MIT realm.  What Kerberos version / 
flavor is running on your KDC?  Could it be a problem with supported 
enc_types?  What does your krb5.conf look like?

C:\>which -a kinit
C:\Program Files\MIT\Kerberos\bin\kinit.exe

C:\>filever "C:\Program Files\MIT\Kerberos\bin\kinit.exe"
--a-- W32i   APP ENU      3.2.0.7005 shp     47,616 05-03-2007 kinit.exe

C:\>klist -kt krb5.keytab
Keytab name: FILE:krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
   3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
   3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
   3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU
   3 04/27/07 21:46:09 bak-email at ILLIGAL.UIUC.EDU

C:\>kinit -kt krb5.keytab bak-email at ILLIGAL.UIUC.EDU

C:\>klist
Default principal: bak-email at ILLIGAL.UIUC.EDU
Valid starting     Expires            Service principal
08/12/07 12:18:03  08/12/07 22:18:00 
krbtgt/ILLIGAL.UIUC.EDU at ILLIGAL.UIUC.EDU

<<CDC 





More information about the Kerberos mailing list