Problem with Kerberos Service

Christopher D. Clausen cclausen at acm.org
Thu Feb 8 16:58:44 EST 2007


LukePet <luke_pet at yahoo.it> wrote:
> So,
>> What does klist -kte (as root) show?
>
> lukesky at lukesky:~$ sudo klist -kte
>   2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (Triple DES
> cbc mode with HMAC/sha1)
>   2 02/08/07 14:13:52 host/lukesky.epiluke.it at EPILUKE.IT (DES cbc
> mode with CRC-32)
>
>> Can you kinit -kt host/lukesky.epiluke.it at EPILUKE.IT on this machine?
>
> lukesky at lukesky:~$ kinit -kt host/lukesky.epiluke.it at EPILUKE.IT
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials

Hmm... that looks bad.  rm /etc/krb5.keytab and re-extract the 
host/lukesky.epiluke.it keytab into /etc/krb5.keytab from kadmin.

> And if I exec kinit and telnet I have:
>
> lukesky at lukesky:~$ kinit pippo
> Password for pippo at EPILUKE.IT:
> lukesky at lukesky:~$ telnet -a -l pippo lukesky.epiluke.it
> Trying 192.168.182.121...
> Connected to admin.epiluke.it (192.168.182.121).
> Escape character is '^]'.
> Password for pippo:
> Login incorrect
>
> Why? What does it mean?

It means it's not using Kerberos, likely b/c of the problem with the host 
keytab.  If you get a password prompt, Kerberos ticket forwarding has 
failed and I'd suggest simply Ctrl-C-ing out of telnet.

<<CDC 
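
Once the keytab has been re-extracted as suggested above, the new `klist -kte` listing can be compared with what the KDC holds for the host principal. The following is an added example, not part of the original message: the sample listing is constructed (with the archive's " at " written as "@"), and `parse_klist`, `check_keytab` and the `kdc_kvno` input are hypothetical names.

```python
import re

# Constructed sample in the layout `klist -kte` prints, reusing the principal
# from the thread; the second entry wraps the way it did in the quoted mail.
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- ------------------------------------------------
   2 02/08/07 14:13:52 host/lukesky.epiluke.it@EPILUKE.IT (Triple DES cbc mode with HMAC/sha1)
   2 02/08/07 14:13:52 host/lukesky.epiluke.it@EPILUKE.IT (DES cbc
mode with CRC-32)
"""

ENTRY = re.compile(
    r"^(?P<kvno>\d+)\s+\d\d/\d\d/\d{2,4}\s+\d\d:\d\d:\d\d\s+"
    r"(?P<principal>\S+)(?:\s+\((?P<enctype>[^)]*)\))?$"
)

def parse_klist(text):
    """Return (kvno, principal, enctype) tuples from `klist -kte` output."""
    entries, pending = [], ""
    for line in text.splitlines():
        pending = f"{pending} {line.strip()}".strip()
        if pending.count("(") > pending.count(")"):
            continue  # enctype description continues on the next line
        match = ENTRY.match(pending)
        pending = ""
        if match:  # header and separator lines do not match and are skipped
            entries.append((int(match["kvno"]), match["principal"], match["enctype"]))
    return entries

def check_keytab(entries, expected_principal, kdc_kvno):
    """Compare keytab entries with what the KDC holds for the principal.

    kdc_kvno is the key version the KDC reports (hypothetical input here;
    an administrator would read it from the KDC, e.g. kadmin's getprinc).
    """
    kvnos = sorted({k for k, p, _ in entries if p == expected_principal})
    if not kvnos:
        return [f"{expected_principal}: no entry in keytab"]
    if kdc_kvno not in kvnos:
        return [f"{expected_principal}: keytab has kvno {kvnos}, KDC has {kdc_kvno}"]
    return []

if __name__ == "__main__":
    parsed = parse_klist(SAMPLE)
    for finding in check_keytab(parsed, "host/lukesky.epiluke.it@EPILUKE.IT", 3):
        print(finding)
```

An empty result means the keytab holds an entry for the principal at the key version the KDC reports.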




