error : kinit(v5) : KRB5 error code 52 while getting initial credentials

Douglas E. Engert deengert at anl.gov
Wed Mar 12 10:00:19 EDT 2008 


Sunil Chandrasekharan wrote:
> Hello all,
>  i am Sunil C. i have a domain named xx.com which has a KDC.
>  i also have a domain co.yy where my server is. there is no KDC in it.
>  users are in xx.com domain. but my servers are in (co.yy) domain.

Windows domain or DNS domain?

> i had set up a test scenario with a user and a server in domain
> (xx.com).
> since KDc was setup i got ticket and was able to authenticate well
> using kerberos.
> my issue is that all my production servers are in domain (co.yy) which
> doesnt have a KDC.
> i want to authenticate and use the server services in that domain.
> setting up KDC is not feasible in both domains for me.
>  now i have done some configuration in krb5.conf file on my server
> (test.co.yy)

This must be in the krb5.conf on the client. It maps a hostname to a realm.

> [domain_realm]
> xx.com = XX.COM
> .xx.com = XX.COM
> co.yy = XX.COM
> .co.yy = XX.COM
> this shows that my domain co.yy which doesnnot have a KDC , i have
> mapped it to the realm XX.COM .
> 
>  now i have some issues.
> 1) i tried to get a keytab from the KDC of XX.COM ( my server in
> co.yy)
>  > ktpass -princ HTTP/test.co.yy at XX.COM

ktpass is a Windows command.
What system is the KDC?   (Windows? Linux? other?)
What system is the server?
What system is the client?

> 2) i somehow managed to get a keytab . i copied into Apache folder and
> executed the command.
> 
> kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy at XX.COM
> password: xxxx
> 
> error : kinit(v5) : KRB5 error code 52 while getting initial
> credentials
> 
>  Please help me understand what is this error..
>  is it some issue with domain mapping configuration in krb5.conf file?
> i am using kerberos 1.2.7 version.

If KDC, client, or server use Windows, get a newer version of Kerberos.


> 
>  Thanks in advance
> 
>  Sunil C
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list