krb5_get_init_creds_keytab
Zachary Miller
zmiller at cs.wisc.edu
Tue Mar 1 20:32:42 EST 2005
hi all,
i'm having some trouble moving my application from kerberos 1.2
to kerberos 1.4. the problem is that the server side is failing
on krb5_rd_req() with the error "Key table entry not found".
i am using a custom keytab file that contains only one principal:
# klist -k -t /scratch/zmiller/keytab.zmiller
Keytab name: FILE:/scratch/zmiller/keytab.zmiller
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
3 02/17/05 07:44:20 zmiller/condor at CS.WISC.EDU
the code on the server side hasn't changed, so i suspect the problem is
actually on the client side where i call krb5_mk_req_extended(). this code
has changed in moving from 1.2 to 1.4 because i had to change the function
krb5_get_in_tkt_with_keytab() to krb5_get_init_creds_keytab().
in fact, i can see what is probably wrong. krb5_get_init_creds_keytab() is
putting krbtgt/CS.WISC.EDU into the creds->server structure. do i need to call
krb5_get_credentials after krb5_get_init_creds_keytab?
if not, my general question is how do i authenticate both client and server
using a keytab file that contains only zmiller/condor at CS.WISC.EDU?
thank you!
cheers,
-zach
More information about the krbdev
mailing list