A quick question on using kinit
Prakash Narayanaswamy
prakash at nutanix.com
Mon Nov 24 19:05:55 EST 2014
Greg,
We've a keytab file (test.keytab) with keytab entries of the form shown
below pointing to a Windows host joined to a AD domain (DOMAINNAME.COM)
KVNO Timestamp Principal
---- -----------------
--------------------------------------------------------
1 11/21/14 14:25:56 host/hostname.domainname.com at DOMAINNAME.COM
(des3-cbc-sha1)
1 11/21/14 14:25:56 host/hostname.domainname.com at DOMAINNAME.COM
(aes256-cts-hmac-sha1-96)
1 11/21/14 14:25:56 host/hostname.domainname.com at DOMAINNAME.COM
(aes128-cts-hmac-sha1-96)
When we try using kinit, we see the following error:
kinit -k -t test.keytab host/hostname.domainname.com at DOMAINNAME.COM
*kinit: Client not found in Kerberos database while getting initial
credentials*
>From what we observed, it seems that Windows is expecting a
UserPrincipalName. Is it somehow possible to specify a different principal
name when using kinit but still make it use the credential information
stored in the keytab file?
Prakash N | 408 771 4273
More information about the Kerberos
mailing list