Bizzare problem with authenticating a service principal with AD
Tom Yu
tlyu at MIT.EDU
Sun Mar 11 22:47:25 EDT 2007
>>>>> "Jason" == Jason Testart <jatestart at cs.uwaterloo.ca> writes:
Jason> I'm trying to get pam_krb5 working with an Active Directory domain. It
Jason> works when I don't have a krb5.keytab file but it doesn't when I do,
Jason> since the verification of the TGT using the service principal fails with
Jason> an error: "Key table entry not found". The keytab file is simple as it
Jason> only contains the "host" service principal for the Ubuntu Linux box that
Jason> I am testing with.
Jason> So, I figured I screwed-up somehow with the generation of the keytab
Jason> file using ktpass.exe. However, I don't think I did. When I run "klist
Jason> -k", copy the principal name from the output, and paste that principal
Jason> name to the end of "kinit -k", I still get the error:
Jason> kinit(v5): Key table entry not found while getting initial credentials
Do your key version numbers match?
More information about the Kerberos
mailing list