troubleshooting failed kinit

David Bear david.bear at asu.edu
Fri Mar 14 18:28:14 EDT 2008


I use a laptop for all my work and move around a couple of networks. For the 
past couple months, I have had no problem authenticating to kerberos from the 
networks I use. However, last week when attempting to kinit from my home, 
kinit fails with the message:

kinit(v5): Cannot contact any KDC for requested realm while getting initial 
credentials

I know my kdc's are alive and active. There are 5. All their names resolve 
properly. Since ASU blocks pings I can really ping them from my home. I 
thought I could just send some bits to them so I tried a 

echo "stuff" | netcat krb1.asu.edu 88 

stuff left, and never came back.

when attepting the netcat using udp, netcat never woke up, i.e it appear that 
netcat never got a response.

I assume this means the somewhere between home and krb1 that udp/88 is being 
blocked or tarpitted? 

However, this is probably the wrong approach. Can anyone recommend a way to 
troubleshoot kinit failures?

other details: 1) I can successfully kinit from any asu network, duh.
2) my laptop gets its address via dhcp from all networks
3) my hope network is nat'ed and I have a dsl connection. 
4) since I was in the past able to kinit from home, I assume something 
somewhere changed. I did change two things which I dont' think would affect 
this. First, I had my dsl speed increase from 256/256, to 1536/768. Second, I 
bought a new actiontek modem, but configured it the same way a the old 
actiontek modem.

Any pointers?


-- 
David Bear
College of Public Programs/ASU
411 N Central, Phoenix, AZ 85004



More information about the Kerberos mailing list