[24213] in Kerberos
Re: Problems with Keytabs
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Tue Jul 5 19:21:47 2005
In-Reply-To: <slrndcm1kq.hth.js1@dev.js1.bogus>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <c8893f30e393091f511453ff4c178f53@mit.edu>
Content-Transfer-Encoding: 7bit
From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 5 Jul 2005 19:20:03 -0400
To: "'kerberos@mit.edu'" <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
On Jul 5, 2005, at 18:14, js1 wrote:
> I get the following message when I run "kinit -k -t my.keytab":
>
> kinit(v5): Cannot find KDC for requested realm while getting initial
> credentials
>
> It works fine if I just do "kinit my_user". I did a tcpdump and
> noticed
> that when I try to use the keytab, kinit seems to look for
> _kerberos._udp.LOCALDOMAIN and _kerberos._tcp.LOCALDOMAIN. But,
> when I don't use the keytab, it queries my kerberos server,
> kerberos.mydomain.bogus. How do I alter this behavior? Thanks for
> any tips.
If you're using a keytab file and not specifying a principal name, the
kinit program will attempt to use the "host" service principal for the
local host, and will try to figure out the canonical FQDN of the host
in the process (and then the realm, based on that hostname). I'm
guessing it's coming up with "LOCALDOMAIN" when it tries to do that
step. Check your network configuration....
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
