Problem with Kerberos Service
Christopher D. Clausen
cclausen at acm.org
Thu Feb 8 16:58:44 EST 2007
LukePet <luke_pet at yahoo.it> wrote:
> So,
>> What does klist -kte (as root) show?
>
> lukesky at lukesky:~$ sudo klist -kte
> 2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (Triple DES
> cbc mode with HMAC/sha1)
> 2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (DES cbc
> mode with CRC-32)
>
>> Can you kinit -kt host/lukesky.epiluke.it at EPILUKE.IT on this machine?
>
> lukesky at lukesky:~$ kinit -kt host/lukesky.epiluke.it at EPILUKE.IT
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials

Hmm... that looks bad. rm /etc/krb5.keytab and re-extract the
host/lukesky.epiluke.it keytab into /etc/krb5.keytab from kadmin.

> And if I exec kinit and telnet I have:
>
> lukesky at lukesky:~$ kinit pippo
> Password for pippo at EPILUKE.IT:
> lukesky at lukesky:~$ telnet -a -l pippo lukesky.epiluke.it
> Trying 192.168.182.121...
> Connected to admin.epiluke.it (192.168.182.121).
> Escape character is '^]'.
> Password for pippo:
> Login incorrect
>
> Why? What does it mean?

It means it's not using Kerberos, likely b/c of the problem with the host
keytab. If you get a password prompt, Kerberos ticket forwarding has
failed and I'd suggest simply Ctrl-C-ing out of telnet.
<<CDC
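
The keytab check discussed in this message, as an added example that is not part of the original thread: it pulls the principals out of klist -kte output and requests initial credentials for each one from the keytab. It assumes the MIT Kerberos client tools; the function names, the sample output, host/test.example.com and EXAMPLE.COM are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that every principal in a keytab can authenticate.
# Assumes MIT Kerberos klist, kinit and kdestroy are on PATH.

# Constructed sample of `klist -kte` output, wrapped the way the mail shows it.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- ------------------------------------------
   2 02/08/07 14:13:52 host/test.example.com@EXAMPLE.COM (Triple DES
cbc mode with HMAC/sha1)
   2 02/08/07 14:13:52 host/test.example.com@EXAMPLE.COM (DES cbc
mode with CRC-32)
EOF
}

# Read `klist -kte` output on stdin and print each distinct principal once.
# Entry lines start with a numeric KVNO; headers and wrapped enctype
# continuation lines do not, so they are skipped.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && $4 ~ /@/ { print $4 }' | sort -u
}

# Request initial credentials for each principal with the keytab's own keys.
# kinit's -t option takes the keytab file, so the principal is a separate
# argument. A throwaway cache (-c) leaves the caller's tickets untouched.
verify_keytab() {
    keytab=${1:-/etc/krb5.keytab}
    cc=$(mktemp) || return 2
    rc=0
    for p in $(klist -kte "$keytab" | keytab_principals); do
        if kinit -c "FILE:$cc" -k -t "$keytab" "$p" 2>/dev/null; then
            echo "OK   $p"
        else
            echo "FAIL $p"
            rc=1
        fi
    done
    kdestroy -q -c "FILE:$cc" 2>/dev/null
    rm -f "$cc"
    return "$rc"
}

# "--verify [keytab]" runs the real check (as root for /etc/krb5.keytab);
# with no arguments only the parser is demonstrated on the sample.
if [ "${1:-}" = "--verify" ]; then
    verify_keytab "${2:-/etc/krb5.keytab}"
else
    sample_klist_output | keytab_principals
fi
```

A FAIL line for a host principal means the key in the keytab is not accepted by the KDC for that name, which is the state a re-extraction from kadmin is meant to clear.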