Find in this group all groups
Unknown more information…

k : 22 January 2005 • 1:17AM -0500

Re: Cannot resolve network address for KDC in requested realm while getting initial credentials
by Donn Cave


In article <1106262399.697619.93400@f14g...>,
David.Moor@orac... wrote:

> kinit test
> Password for test@host...:
> However, I can't kinit using this keytab file:
> [root@host/var/kerberos/krb5kdc]$ kinit -k kadm5test
> kinit(v5): Cannot resolve network address for KDC in requested realm
> while getting initial credentials

In the course of this message you don't show the same
realm twice, for a total of four different realms
(host.COM is not the same realm as HOST.COM.)  If that's
really the case, I believe it could account for the error
shown above.  You may find some details on this in the
KDC syslog.

The kadmin function that populates a keytab does create
a new key version, so the old one is no longer valid for
new ticket requests.  That's normally a feature.  If you
want to store the key for a typeable password in a keytab,
I believe you can use ktutil for this.

   Donn Cave, donn@u.wa...

> klist shows:
> [root@bde-idm3 /var/kerberos/krb5kdc]$ klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: test@BDE-...
> Valid starting     Expires            Service principal
> 01/20/05 14:53:59  01/21/05 00:53:59      krbtgt/HOST.COM@HOST...
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> A secondary problem is now the password seems to have been changed
> after creating the keytab, and I can no longer kinit (without the
> keytab):
> [root@host /var/kerberos/krb5kdc]$ kinit test
> Password for test@host...:
> kinit(v5): Password incorrect while getting initial credentials
> For testing purposes I'm using my hostname as my realm name.  I've
> tried logging in as root and as test, but get the same result.
Kerberos mailing list           Kerberos@mit....

Bookmark with:

Delicious   Digg   reddit   Facebook   StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.