kprop and "Client not found in Kerberos database"
fafaforza
fafaforza at gmail.com
Wed Oct 26 13:08:02 EDT 2011
Hi there,
I have 2 realms, the second for Jabber users. I can kprop the default
realm fine, but get
# kdb5_util -r JABBER.DOMAIN.NET -d /usr/local/var/krb5kdc/jabber -sf /usr/local/var/krb5kdc/.k5.JABBER.DOMAIN.NET dump DUMP.FILE
# kprop -r JABBER.DOMAIN.NET -f DUMP.FILE -s /etc/krb5.jabber.keytab -d kerberos-ha.domain.net
kprop: Client not found in Kerberos database while getting initial ticket
when trying to kprop the jabber realm. A tcpdump shows no traffic to
the secondary, so this looks like a local issue on the primary. In the
Jabber realm, I have these host principals (in addition to others):
host/kerberos-ha.domain.net@JABBER.DOMAIN.NET
host/kerberos.domain.net@JABBER.DOMAIN.NET
I used ``ktadd'' to extract
``host/kerberos.domain.net@JABBER.DOMAIN.NET'' to
/etc/krb5.jabber.keytab, and I get the same error with and without the
-s flag.
Can anyone shed some light? Using the same steps for the default realm
works fine. Below is my /etc/krb5.conf
--
Thanks
Darek
[libdefaults]
    default_realm = DOMAIN.NET
[realms]
    DOMAIN.NET = {
        kdc = kerberos.domain.net
        kdc = kerberos-ha.domain.net
    }
    JABBER.DOMAIN.NET = {
        kdc = kerberos.domain.net
        kdc = kerberos-ha.domain.net
    }
[domain_realm]
    .domain.net = DOMAIN.NET
    jabber.domain.net = JABBER.DOMAIN.NET
[password_quality]
    min_length = 8
    #
    # requires the pass to have chars from at least that many character classes.
    # ( uppercase, lowercase, number, special characters )
    #
    min_classes = 3
[logging]
    #kdc = CONSOLE
    #kdc = SYSLOG:INFO:DAEMON
    kdc = FILE:/var/log/krb5.log
    admin_server = FILE:/var/log/kadmin.log
[kdc]
    addresses = em0