kprop and "Client not found in Kerberos database"
fafaforza
fafaforza at gmail.com
Wed Oct 26 14:49:06 EDT 2011
On 10/26/2011 1:51 PM, Greg Hudson wrote:
> On 10/26/2011 01:08 PM, fafaforza wrote:
>> # kprop -r JABBER.DOMAIN.NET -f DUMP.FILE -s /etc/krb5.jabber.keytab
>> -d kerberos-ha.domain.net
>> kprop: Client not found in Kerberos database while getting initial
>> ticket
> You didn't mention what version of Kerberos you're using. If it's MIT
> krb5 1.9.x, you can set KRB5_TRACE to a filename and get more
> information about what kprop is trying to do.
Using 1.6.3, and doesn't look like KRB6_TRACE was an option in that
release. But I'm too chicken to try an upgrade at this point :)
To add a bit of info, this is what I see in /var/log/krb5.log:
CLIENT_NOT_FOUND: host/kerberos.domain.net at JABBER.DOMAIN.NET for
host/kerberos-ha.domain.net at JABBER.DOMAIN.NET, Client not found in
Kerberos database
Trying to figure out the causality in the "host for host" part, but am
not sure.
--
Darek
>
> I would expect the client principal to be
> host/kerberos.domain.net at JABBER.DOMAIN.NET, which you say exists, so I'm
> not sure what the issue is. DNS configuration issues could cause the
> second component of that principal to be different, but I'd expect that
> to affect kprop attempts for the first realm as well.
>
More information about the Kerberos
mailing list