[putting the list back in the cc] On Mon, 22 Apr 2013, Ray Vand wrote:
> Ben, > > kvno was 9 because I gave a new value in addent command. > > ktutil: addent -password -p sapldap/ads.company....@company.com -k 9 -e > DES-CBC-MD5 Ah, okay. As I said earlier, I don't think this kvno will affect 'kinit -k', but is relevant when used as an acceptor. > I created a new one with kvno 7 and tried it. Still getting initial > credentials error. Right, I wouldn't expect that to change. Some ways of generating a keytab will increment the kvno on the KDC, which will cause problems for existing keytabs; it sounds like that is not what is causing this problem. > ktutil: addent -password -p sapldap/ads.company.com@ COMPANY.COM -k 7 -e > DES-CBC-MD5 > Password for sapldap/ads.company.com@ COMPANY.COM: > ktutil: list > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 7 sapldap/ads.company.com@ COMPANY.COM > ktutil: wkt /tmp/ray.keytab > ktutil: q > > # cp /tmp/ray.keytab /etc/krb5/krb5.keytab > > # kinit -k -t /etc/krb5/krb5.keytab sapldap/ads.company.com@ COMPANY.COM > kinit(v5): Key table entry not found while getting initial credentials I assume the space between '@' and "COMPANY.COM" is introduced while transcribing into email? If it is present in the actual command line it may cause problems. You never did say if you are using the Solaris integrated tools or an external installation of MIT kerberos. -Ben ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
