error : kinit(v5) : KRB5 error code 52 while getting initial credentials
Douglas E. Engert
deengert at anl.gov
Wed Mar 12 10:00:19 EDT 2008
Sunil Chandrasekharan wrote:
> Hello all,
> I am Sunil C. I have a domain named xx.com which has a KDC.
> I also have a domain co.yy where my server is. There is no KDC in it.
> Users are in the xx.com domain, but my servers are in the (co.yy) domain.
Windows domain or DNS domain?
> I had set up a test scenario with a user and a server in domain
> (xx.com).
> Since the KDC was set up, I got a ticket and was able to authenticate well
> using Kerberos.
> My issue is that all my production servers are in domain (co.yy), which
> doesn't have a KDC.
> I want to authenticate and use the server services in that domain.
> Setting up a KDC in both domains is not feasible for me.
> Now I have done some configuration in the krb5.conf file on my server
> (test.co.yy)
This must be in the krb5.conf on the client. It maps a hostname to a realm.
> [domain_realm]
> xx.com = XX.COM
> .xx.com = XX.COM
> co.yy = XX.COM
> .co.yy = XX.COM
> This shows that my domain co.yy, which does not have a KDC, I have
> mapped to the realm XX.COM.
>
> Now I have some issues.
> 1) I tried to get a keytab from the KDC of XX.COM (my server is in
> co.yy)
> > ktpass -princ HTTP/test.co.yy@XX.COM
ktpass is a Windows command.
What system is the KDC? (Windows? Linux? other?)
What system is the server?
What system is the client?
> 2) I somehow managed to get a keytab. I copied it into the Apache folder and
> executed the command.
>
> kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM
> password: xxxx
>
> error : kinit(v5) : KRB5 error code 52 while getting initial
> credentials
>
> Please help me understand what this error is.
> Is it some issue with the domain mapping configuration in the krb5.conf file?
> I am using Kerberos version 1.2.7.
If KDC, client, or server use Windows, get a newer version of Kerberos.
>
> Thanks in advance
>
> Sunil C
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
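
The hostname-to-realm mapping discussed in the reply above, as an added example that is not part of the original thread: a simplified Python model of the client-side [domain_realm] search, which tries the full host name and then each parent domain with and without a leading dot. The function names and the krb5.conf text are constructed for illustration (the entries are the ones quoted in the message); the real Kerberos library is not invoked.

```python
import re

# Constructed krb5.conf fragment using the [domain_realm] entries quoted above.
KRB5_CONF = """
[libdefaults]
    default_realm = XX.COM

[domain_realm]
    xx.com = XX.COM
    .xx.com = XX.COM
    co.yy = XX.COM
    .co.yy = XX.COM
"""

def parse_domain_realm(text):
    """Return the [domain_realm] section as a dict with lower-cased keys."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = value
    return mapping

def host_to_realm(hostname, mapping):
    """Try the full host name, then each parent as '.domain' and 'domain'."""
    candidate = hostname.lower().rstrip(".")
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        if candidate.startswith("."):
            candidate = candidate[1:]          # ".co.yy" -> "co.yy"
        else:
            dot = candidate.find(".")          # "test.co.yy" -> ".co.yy"
            candidate = candidate[dot:] if dot != -1 else ""
    return None  # no entry matched; library fallbacks are not modelled here

if __name__ == "__main__":
    realms = parse_domain_realm(KRB5_CONF)
    for host in ("test.co.yy", "co.yy", "www.example.org"):
        print(host, "->", host_to_realm(host, realms))
```

A host named exactly `co.yy` is only covered by the undotted `co.yy` entry; the `.co.yy` entry covers hosts beneath that domain, which is why the quoted configuration lists both forms.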