CentOS attempting to set up Kerberos 5-tickets created & destroyed successfully, now an issue

Damo Gets dgetsman at amirehab.net
Mon Mar 24 09:55:42 EDT 2008


I have now verified that I have connections working between the two
test machines.  Unfortunately it appears that I can only connect from
my server/kdc to the client machine utilizing kerberized services.  I
am able to create and destroy tickets on each machine without any
problems.  Currently I'm testing with the kerberized rsh & rlogin
clients found in the klogin, eklogin, and kshell packages for the
distributions.

I have now cached tickets on both machines for my primary and
secondary logins (just in case I'm not understanding something
correctly), i.e., on each machine I have cached tickets for
myuser@MYDOMAIN.COM and myuser/admin@MYDOMAIN.COM.  Each machine has
the following in the /etc/krb5.keytab files:

SERVER:
KVNO Principal
-----------------------------------------
   3 host/myclient.mydomain.com@MYDOMAIN.COM
   3 host/myclient.mydomain.com@MYDOMAIN.COM
   3 host/myclient.mydomain.com@MYDOMAIN.COM
   3 host/myclient.mydomain.com@MYDOMAIN.COM

CLIENT:
KVNO Principal
-----------------------------------------
   8 host/myclient.mydomain.com@MYDOMAIN.COM
   8 host/myclient.mydomain.com@MYDOMAIN.COM
   8 host/myclient.mydomain.com@MYDOMAIN.COM
   8 host/myclient.mydomain.com@MYDOMAIN.COM
   4 host/myserver@mydomain.com@MYDOMAIN.COM
   4 host/myserver@mydomain.com@MYDOMAIN.COM
   4 host/myserver@mydomain.com@MYDOMAIN.COM
   4 host/myserver@mydomain.com@MYDOMAIN.COM

When attempting a connection from the client to the server I receive
the following error:

foo@myclient:~$ rlogin -l myclient myserver
Couldn't authenticate to server: Server rejected authentication
(during sendauth exchange)
Server returned error code 60 (Generic error (see e-text))
Error text sent from server: Key table entry not found
Trying krb4 rlogin...
krb_sendauth failed: You have no tickets cached
trying normal rlogin (/usr/bin/netkit-rlogin)
exec: No such file or directory
foo@myclient:~$

Any assistance would be greatly appreciated.  I'm pretty sure that
after this point I will be able to get on with kerberizing some other
machines on the network; it'll be nice to be able to test this on more
than just the two machines.

-Damon Getsman
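
Added example, not part of the original post: a kerberized rlogin server decrypts the client's service ticket with the key for host/<server FQDN>@REALM taken from its own /etc/krb5.keytab, and "Key table entry not found" is what comes back when that lookup fails. The sketch below parses `klist -k` style listings and checks for that entry; the sample listings are constructed (modelled on the ones quoted above), and the function names and the FQDN myserver.mydomain.com are assumptions.

```python
import re

# Constructed sample listings, modelled on the keytab contents quoted in the post.
SERVER_KEYTAB = """\
KVNO Principal
-----------------------------------------
   3 host/myclient.mydomain.com@MYDOMAIN.COM
   3 host/myclient.mydomain.com@MYDOMAIN.COM
"""
CLIENT_KEYTAB = """\
KVNO Principal
-----------------------------------------
   8 host/myclient.mydomain.com@MYDOMAIN.COM
   4 host/myserver@mydomain.com@MYDOMAIN.COM
"""

# A data row is "<kvno> <principal>"; the header and ruler lines do not match.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s*$")

def parse_keytab_listing(text):
    """Return sorted unique (kvno, principal) pairs from `klist -k` style output."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.add((int(m.group(1)), m.group(2)))
    return sorted(entries)

def check_host_key(text, fqdn, realm):
    """Check for host/<fqdn>@<realm> and list principals without exactly one '@'."""
    wanted = f"host/{fqdn.lower()}@{realm}"
    entries = parse_keytab_listing(text)
    kvnos = sorted(k for k, p in entries if p == wanted)
    malformed = sorted({p for _, p in entries if p.count("@") != 1})
    return {"wanted": wanted, "present": bool(kvnos),
            "kvnos": kvnos, "malformed": malformed}

if __name__ == "__main__":
    # Hypothetical FQDNs for the two test machines.
    checks = [("server", SERVER_KEYTAB, "myserver.mydomain.com"),
              ("client", CLIENT_KEYTAB, "myclient.mydomain.com")]
    for label, listing, fqdn in checks:
        print(label, check_host_key(listing, fqdn, "MYDOMAIN.COM"))
```

Run against the real output of `klist -k` on the machine that accepts the connection. A present entry must also carry the key version number the KDC currently has for that principal.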


