CANT_FIND_CLIENT_KEY

Russ Allbery rra at stanford.edu
Tue Mar 30 18:07:08 EDT 2010


Matt Zagrabelny <mzagrabe at d.umn.edu> writes:
> On Tue, 2010-03-30 at 14:46 -0700, Russ Allbery wrote:

>> You need it on the client in addition to the server.

> Good to know. :)

> Unfortunately, the client is a Cisco Catalyst 3750. :/

> workstation% telnet.netkit switch3750
> Trying 10.25.1.14...
> 'autologin': unknown argument ('toggle ?' for help).
> Connected to switch3750.d.umn.edu.
> Escape character is '^]'.

Then that's probably not the problem.  The Cisco box almost certainly
hasn't disabled DES (it's probably the only enctype that it supports).

Please show the getprinc output for your krbtgt/* key and the user
principal that you're using.  I bet one or the other of them has no DES
key.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list