Issue with Kerberos setting in Sun Solaris 10
Ray Vand
ray_vand at filemaker.com
Mon Apr 22 12:45:43 EDT 2013
Thank you for your input.
I have done the following.
modify krb5.conf
default_keytab_name = /etc//krb5/krb5.keytab
Then run ktutil command
# ktutil
ktutil: addent -password -p sapldap/ads.company.com -k 9 -e DES-CBC-MD5
Password for sapldap/ads.company.com at COMPANY.COM:
ktutil: wkt /tmp/ray.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 9 sapldap/ads.company.com at COMPANY.COM
ktutil: q
# cp /tmp/ray.keytab /etc//krb5/krb5.keytab
# kinit -t /etc/krb5/krb5.keytab
Password for sapldap/ads.company.com at COMPANY.COM:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sapldap/ads.company.com at COMPANY.COM
Valid starting Expires Service principal
04/22/13 09:33:39 04/22/13 19:33:39 krbtgt/COMPANY.COM at COMPANY.COM
renew until 04/29/13 09:33:39
#
But when I try it with the -k option, I am still getting an error.
# kinit -k -t /etc/krb5/krb5.keytab
kinit(v5): Client not found in Kerberos database while getting initial credentials
#
Thank you in advance for your input.
Regards,
Ray
On Apr 21, 2013, at 2:00 PM, Benjamin Kaduk <kaduk at mit.edu> wrote:
> On Sun, 21 Apr 2013, Dagobert Michelsen wrote:
>
>> Hi Ray,
>>
>> Am 21.04.2013 um 19:13 schrieb Benjamin Kaduk <kaduk at MIT.EDU>:
>>> On Fri, 19 Apr 2013, Ray Vand wrote:
>>>> Then I moved the sapldap.keytab to my SAP Server in tmp directory
>>>>
>>>> # ktutil
>>>> ktutil: rkt /tmp/sapldap
>>>> ktutil: l -e
>>>> slot KVNO Principal
>>>> ---- ---- ---------------------------------------------------------------------
>>>> 1 7 sapldap/ads.company.com at COMPANY.COM (DES cvc mode with RSA-MD5)
>>>>
>>>> ktutil: wkt /etc/krb5.keytab
>>>> ktutil: q
>>>>
>>>> Here is where I am getting an error/having an issue when running the next command.
>>>>
>>>> # kinit -V -k sapldap/ads.company.com at COMPANY.COM
>>>>
>>>> kinit(v5): Key table entry not found while getting initial credentials
>>>>
>>>> but if I use it without the -k option it works and it takes the password
>>>
>>> It is a bit perplexing. Stock Solaris 10 is not an environment I am
>>> familiar with, but I can speak some about the related MIT krb5 codebase.
>>
>>
>> I think the host key tab on Solaris with stock Kerberos is at
>> /etc/krb5/krb5.keytab
>> instead of /etc/krb5.keytab as documented in kinit(1) on Solaris 10.
>
> That does ring a bell; we had to work around a related issue in OpenAFS recently.
>
> Thanks!
>
> -Ben