[37949] in Kerberos

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: KDC 1.15 startup error: Invalid credentials - while initializing

daemon@ATHENA.MIT.EDU (Pallissard, Matthew)
Thu Apr 13 23:35:24 2017

To: undisclosed-recipients:;
In-Reply-To: <20170414012033.159862e44b5czlj5@bitis.umrk.nl>
MIME-Version: 1.0
From: "Pallissard, Matthew" <krb@pallissard.net>
Date: Thu, 13 Apr 2017 22:35:01 -0500
CC: kerberos@mit.edu
Message-ID: <e16eb9de-5379-4517-943e-82a40ab34e6e@Pallissard.net>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Is it slapd reading its key tab incorrectly or is the hostname being derived incorrectly.  Is this a host file issue?

Matt Pallissard


-------- Original Message --------
From: Jaap Winius <jwinius@umrk.nl>
Sent: Thu Apr 13 18:20:33 CDT 2017
To: Jaap Winius <jwinius@umrk.nl>
Cc: "Pallissard, Matthew" <krb@pallissard.net>, kerberos@mit.edu
Subject: Re: KDC 1.15 startup error: Invalid credentials - while initializing database

Quoting Jaap Winius <jwinius@umrk.nl>:

>    slapd[560]: GSSAPI Error: Unspecified GSS failure. \
>    Minor code may provide more information \
>    (Server ldap/localhost@EXAMPLE.COM not found in Kerberos database)

Invalid credentials? It's because of this. Slapd should discover its  
identity by reading its keytab, the location for which can be found in  
the value for KRB5_KTNAME (set in /etc/default/slapd), but that's not  
happening. This is starting to look like a bug, perhaps in  
libsasl2-modules-gssapi-mit.

Cheers,

Jaap
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home	help	back	first	fref	pref	prev	next	nref	lref	last	post