[validate_tgt] (0x0020): [RID#988] TGT failed verification using key for
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Jun 23 12:55:57 EDT 2025
>(0x0020): [RID#988] 2359: [-1765328339][Service key not available]
This means, "I tried to validate the TGT using a locally stored host
key, I was able to get a service ticket for 'host/local-host-name', but
I couldn't find that service key in the local keytab (/etc/krb5.keytab,
typically)'.
Looking at the code, that could be caused by one of:
- You didn't actually store the key for that principal in your local keytab
- A permission problem with the local keytab
- Confusion about the local hostname and what is stored in the local keytab
If I had to guess I'd suspect the first one; that involves coordination
with your AD admins.
--Ken
More information about the Kerberos
mailing list