[36615] in Kerberos


A quick question on using kinit

daemon@ATHENA.MIT.EDU (Prakash Narayanaswamy)
Mon Nov 24 19:06:32 2014

From: Prakash Narayanaswamy <prakash@nutanix.com>
Date: Mon, 24 Nov 2014 16:05:55 -0800
Message-ID: <CANeUsQ8+ws-eNac=WHFcO_5YBJSKqYauA9Wr9CYe==ygw3_3UQ@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>, kerberos@mit.edu

Greg,

We've a keytab file (test.keytab) with keytab entries of the form shown
below pointing to a Windows host joined to an AD domain (DOMAINNAME.COM):

KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 11/21/14 14:25:56 host/hostname.domainname.com@DOMAINNAME.COM (des3-cbc-sha1)
   1 11/21/14 14:25:56 host/hostname.domainname.com@DOMAINNAME.COM (aes256-cts-hmac-sha1-96)
   1 11/21/14 14:25:56 host/hostname.domainname.com@DOMAINNAME.COM (aes128-cts-hmac-sha1-96)

When we try using kinit, we see the following error:

kinit -k -t test.keytab host/hostname.domainname.com@DOMAINNAME.COM
kinit: Client not found in Kerberos database while getting initial credentials

From what we observed, it seems that Windows is expecting a
UserPrincipalName. Is it somehow possible to specify a different principal
name when using kinit but still make it use the credential information
stored in the keytab file?


Prakash N | 408 771 4273
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
