Hi Todd,
?Thanks for answering. It's a windows AD. I'm using ktutil to create the keytab: ? addent -password -p perform-admin -k 1 -e aes256-cts-hmac-sha1-96? I'll look into the kvno. Thomas ________________________________ From: Todd Grayson <tgray...@cloudera.com> Sent: Wednesday, October 26, 2016 2:48 PM To: Thomas Beaudry Cc: kerberos@mit.edu Subject: Re: .kinit: Preauthentication failed while getting initial credentials Is the KDC MIT? AD? Assuming MIT KDC: use the kvno command to evaluate what the KDC thinks is current, vs klist -kte .perform-admin.keytab Verify the kvno (key version number) matches up from the keytab to what the kdc states is the current version. Kinit as a working user first from the cli, then attempt the kvno against the principal associated with the keytab that is failing. what is the command line you are using to export keytabs, the default behavior is to randomize the key each export unless you specifically tell it not to with -norandkey http://krbdev.mit.edu/rt/Ticket/History.html?id=914 use -norandkey when exporting a keytab to prevent the key from being changed... On Wed, Oct 26, 2016 at 12:20 PM, Thomas Beaudry <thomas.beau...@concordia.ca<mailto:thomas.beau...@concordia.ca>> wrote: Hi Everyone, I am running into a strange problem. I can not get a kerberos ticket when using a keytab, but for 1 specific user only: This is the command i use: > kinit perform-admin -kt .perform-admin.keytab kinit: Preauthentication failed while getting initial credentials Now if I do: ?kinit then i get prompted for a password, and then a ticket is created. Like i said i can use a keytab for every other user and it does work, it is only for this 1 specific user that it fails. I have also tried creating new keytabs for this user but it still fails. I don't know if I have this problem because it's the same user that I used to join the REALM in the first place.. Any thoughts? Thanks! Thomas Beaudry ________________________________________________ Kerberos mailing list Kerberos@mit.edu<mailto:Kerberos@mit.edu> https://mailman.mit.edu/mailman/listinfo/kerberos -- Todd Grayson Business Operations Manager Customer Operations Engineering Security SME [http://files.cloudera.com.s3.amazonaws.com/New%20Branding/cloudera-small.png] ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
