Streamlining host principal keytab provisioning?

Russ Allbery rra at stanford.edu
Tue May 8 03:01:25 EDT 2012


Sebastian Galiano <Sebastian.Galiano at spilgames.com> writes:

> Ok this is my wallet.conf at the wallet client:

> $KEYTABFILE= '/home/USER/krb5.test';

$KEYTAB_FILE, I assume.

> $KEYTAB_KRBTYPE= 'MIT';
> $KEYTAB_PRINCIPAL= 'host.domain.org';

Usually this has a slash in it somewhere.  Are you sure that's the name
of the Kerberos principal you created for wallet to use to authenticate to
kadmin?

> Now I cannot create  more admin users:

> $wallet acl add ADMIN krb5  host.domain.org at REALM
> wallet: GSS-API error initializing context: Unspecified GSS failure.  Minor code may provide more information, Ticket expire

Is the error message right?  Have your local Kerberos tickets expired?
What does klist say?

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list