[36615] in Kerberos
A quick question on using kinit
daemon@ATHENA.MIT.EDU (Prakash Narayanaswamy)
Mon Nov 24 19:06:32 2014
MIME-Version: 1.0
From: Prakash Narayanaswamy <prakash@nutanix.com>
Date: Mon, 24 Nov 2014 16:05:55 -0800
Message-ID: <CANeUsQ8+ws-eNac=WHFcO_5YBJSKqYauA9Wr9CYe==ygw3_3UQ@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Greg,
We've a keytab file (test.keytab) with keytab entries of the form shown
below pointing to a Windows host joined to a AD domain (DOMAINNAME.COM)
KVNO Timestamp Principal
---- -----------------
--------------------------------------------------------
1 11/21/14 14:25:56 host/hostname.domainname.com@DOMAINNAME.COM
(des3-cbc-sha1)
1 11/21/14 14:25:56 host/hostname.domainname.com@DOMAINNAME.COM
(aes256-cts-hmac-sha1-96)
1 11/21/14 14:25:56 host/hostname.domainname.com@DOMAINNAME.COM
(aes128-cts-hmac-sha1-96)
When we try using kinit, we see the following error:
kinit -k -t test.keytab host/hostname.domainname.com@DOMAINNAME.COM
*kinit: Client not found in Kerberos database while getting initial
credentials*
>From what we observed, it seems that Windows is expecting a
UserPrincipalName. Is it somehow possible to specify a different principal
name when using kinit but still make it use the credential information
stored in the keytab file?
Prakash N | 408 771 4273
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos