A quick question on using kinit

Prakash Narayanaswamy prakash at nutanix.com
Mon Nov 24 19:05:55 EST 2014


Greg,

We've a keytab file (test.keytab) with keytab entries of the form shown
below pointing to a Windows host joined to a AD domain (DOMAINNAME.COM)

KVNO Timestamp         Principal
---- -----------------
--------------------------------------------------------
   1 11/21/14 14:25:56 host/hostname.domainname.com at DOMAINNAME.COM
(des3-cbc-sha1)
   1 11/21/14 14:25:56 host/hostname.domainname.com at DOMAINNAME.COM
(aes256-cts-hmac-sha1-96)
   1 11/21/14 14:25:56 host/hostname.domainname.com at DOMAINNAME.COM
(aes128-cts-hmac-sha1-96)

When we try using kinit, we see the following error:

kinit -k -t test.keytab host/hostname.domainname.com at DOMAINNAME.COM
*kinit: Client not found in Kerberos database while getting initial
credentials*

>From what we observed, it seems that Windows is expecting a
UserPrincipalName. Is it somehow possible to specify a different principal
name when using kinit but still make it use the credential information
stored in the keytab file?


Prakash N | 408 771 4273


More information about the Kerberos mailing list