Bizzare problem with authenticating a service principal with AD

Tom Yu tlyu at MIT.EDU
Sun Mar 11 22:47:25 EDT 2007


>>>>> "Jason" == Jason Testart <jatestart at cs.uwaterloo.ca> writes:

Jason> I'm trying to get pam_krb5 working with an Active Directory domain.  It 
Jason> works when I don't have a krb5.keytab file but it doesn't when I do, 
Jason> since the verification of the TGT using the service principal fails with 
Jason> an error: "Key table entry not found".  The keytab file is simple as it 
Jason> only contains the "host" service principal for the Ubuntu Linux box that 
Jason> I am testing with.

Jason> So, I figured I screwed-up somehow with the generation of the keytab 
Jason> file using ktpass.exe.  However, I don't think I did.  When I run "klist 
Jason> -k", copy the principal name from the output, and paste that principal 
Jason> name to the end of "kinit -k", I still get the error:

Jason>    kinit(v5): Key table entry not found while getting initial credentials

Do your key version numbers match?



More information about the Kerberos mailing list