[35919] in Kerberos
Client keytab ignored
daemon@ATHENA.MIT.EDU (Michael-O)
Wed Mar 26 13:17:37 2014
MIME-Version: 1.0
Message-ID: <trinity-9afaca67-dbbc-4068-b457-175fd708d48d-1395851694388@3capp-gmx-bs20>
From: Michael-O <1983-01-06@gmx.net>
To: kerberos@mit.edu
Date: Wed, 26 Mar 2014 17:34:54 +0100
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I am trying to obtain a service ticket with a client keytab for my account. Unfortunately it fails. I wanted to narrow this down and tried to peform the very same operation with
$ kinit -k -t my.keytab
and it says kinit: Keytab contains no suitable keys for host/fqdn@REALM while getting initial credentials.
The question is, why does it completely ignore my keytab and tries the default one in /etc?
Additionally, I have set KRB5_CLIENT_KTNAME and KRB5_KTNAME with $HOME/my.keytab and FILE:$HOME/my.keytab, no avail.
Is there any trick to make a client keytab work with kinit and GSS-API init_sec_context?
The MIT Krb5 docs say that the first principal from the keytab is taken and my principal is in the keytab which I have created with ktutil.
I am on RHEL 6.5, Linux <fqdn> 2.6.32-431.5.1.el6.x86_64 #1 SMP Fri Jan 10 14:46:43 EST 2014 x86_64 x86_64 x86_64 GNU/Linux, MIT Kerberos from standard yum repository.
Thanks,
Michael
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
