troubleshooting failed kinit
David Bear
david.bear at asu.edu
Fri Mar 14 18:28:14 EDT 2008
I use a laptop for all my work and move around a couple of networks. For the
past couple months, I have had no problem authenticating to kerberos from the
networks I use. However, last week when attempting to kinit from my home,
kinit fails with the message:
kinit(v5): Cannot contact any KDC for requested realm while getting initial
credentials
I know my kdc's are alive and active. There are 5. All their names resolve
properly. Since ASU blocks pings I can really ping them from my home. I
thought I could just send some bits to them so I tried a
echo "stuff" | netcat krb1.asu.edu 88
stuff left, and never came back.
when attepting the netcat using udp, netcat never woke up, i.e it appear that
netcat never got a response.
I assume this means the somewhere between home and krb1 that udp/88 is being
blocked or tarpitted?
However, this is probably the wrong approach. Can anyone recommend a way to
troubleshoot kinit failures?
other details: 1) I can successfully kinit from any asu network, duh.
2) my laptop gets its address via dhcp from all networks
3) my hope network is nat'ed and I have a dsl connection.
4) since I was in the past able to kinit from home, I assume something
somewhere changed. I did change two things which I dont' think would affect
this. First, I had my dsl speed increase from 256/256, to 1536/768. Second, I
bought a new actiontek modem, but configured it the same way a the old
actiontek modem.
Any pointers?
--
David Bear
College of Public Programs/ASU
411 N Central, Phoenix, AZ 85004
More information about the Kerberos
mailing list