Can kinit but not kvno

John Gilbertson jgilbert at
Thu Apr 17 07:38:27 EDT 2008

Hi, I'm trying to set up MIT Kerberos so that we can authenticate 
against an Active Directory service (Windows Server 2003 I believe) and 
most things seem to be working, I just can't get kvno to work or keytab 
files (Probably because of the kvno issue)

Here's the config:

         default_realm = LIVAD.LIV.AC.UK

         LIVAD.LIV.AC.UK = {
                 kdc =
                 admin_server =
[domain_realm] = LIVAD.LIV.AC.UK = LIVAD.LIV.AC.UK

And here's the output from various commands:

./kinit jgilbert at LIVAD.LIV.AC.UK
Password for jgilbert at LIVAD.LIV.AC.UK:

Ticket cache: FILE:/tmp/krb5cc_48703
Default principal: jgilbert at LIVAD.LIV.AC.UK

Valid starting     Expires            Service principal
04/17/08 12:30:22  04/17/08 22:30:26  krbtgt/LIVAD.LIV.AC.UK at LIVAD.LIV.AC.UK
         renew until 04/18/08 12:30:22

Kerberos 4 ticket cache: /tmp/tkt48703
klist: You have no tickets cached

./kvno jgilbert at LIVAD.LIV.AC.UK
kvno: Server not found in Kerberos database while getting credentials 
for jgilbert at LIVAD.LIV.AC.UK

So as you can see everything seems to work fine, I just can't use kvno. 
What things should I be looking at to try to fix this? Could it be a 
setting on the AD end denying such requests?

John Gilbertson

More information about the Kerberos mailing list