krb5_get_init_creds_keytab

Zachary Miller zmiller at cs.wisc.edu
Tue Mar 1 20:32:42 EST 2005


hi all,

i'm having some trouble moving my application from kerberos 1.2
to kerberos 1.4.  the problem is that the server side is failing
on krb5_rd_req() with the error "Key table entry not found".

i am using a custom keytab file that contains only one principal:

# klist -k -t /scratch/zmiller/keytab.zmiller 
Keytab name: FILE:/scratch/zmiller/keytab.zmiller
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 02/17/05 07:44:20 zmiller/condor at CS.WISC.EDU


the code on the server side hasn't changed, so i suspect the problem is
actually on the client side where i call krb5_mk_req_extended().  this code
has changed in moving from 1.2 to 1.4 because i had to change the function
krb5_get_in_tkt_with_keytab() to krb5_get_init_creds_keytab().

in fact, i can see what is probably wrong.  krb5_get_init_creds_keytab() is
putting krbtgt/CS.WISC.EDU into the creds->server structure.  do i need to call
krb5_get_credentials after krb5_get_init_creds_keytab?

if not, my general question is how do i authenticate both client and server
using a keytab file that contains only zmiller/condor at CS.WISC.EDU?

thank you!


cheers,
-zach



More information about the krbdev mailing list