Bizarre problem with authenticating a service principal with AD
Jason Testart
jatestart at cs.uwaterloo.ca
Sun Mar 11 23:49:28 EDT 2007
Jeffrey Altman wrote:
> Jason Testart wrote:
>> I'm trying to get pam_krb5 working with an Active Directory domain. It
>> works when I don't have a krb5.keytab file but it doesn't when I do,
>> since the verification of the TGT using the service principal fails with
>> an error: "Key table entry not found". The keytab file is simple as it
>> only contains the "host" service principal for the Ubuntu Linux box that
>> I am testing with.
> What enctype is the service ticket being encrypted with?
I used the default. "ktpass /?" says that's RC4-HMAC-NT.
>
> Does that enctype exist in the keytab?
"ArcFour with HMAC/md5". Sounds like a match.
>
> Does the kvno of the service ticket match the kvno of the entry in the
> keytab?
Yes.