Cannot contact any KDC for realm

2014-10-24 Thread Lars Hanke
During boot of my system (Debian Wheezy) k5start is invoked to supply a ticket for accessing the AD DC by nslcd. However, during boot it fails: k5start: error getting credentials: Cannot contact any KDC for realm 'MY.AD.REALM' If I restart k5start using the very same init script once the system

Re: What happened to PKCROSS?

2014-10-24 Thread Nico Williams
FYI, I just submitted draft-williams-kitten-krb5-pkcross-03. It still needs some work, obviously (e.g., DANE RRset stapling). But it's closer. In particular I've added details on how a TGS can drive PKCROSS. It turns out to be quite simple... TODO: - add a new KDC error code by which a KDC c

Re: Cannot contact any KDC for realm

2014-10-24 Thread steve
On 24/10/14 13:29, Lars Hanke wrote: > During boot of my system (Debian Wheezy) k5start is invoked to supply a > ticket for accessing the AD DC by nslcd. However, during boot it fails: > > k5start: error getting credentials: Cannot contact any KDC for realm > 'MY.AD.REALM' > > If I restart k5start

Re: Cannot contact any KDC for realm

2014-10-24 Thread Benjamin Kaduk
On Fri, 24 Oct 2014, Lars Hanke wrote: > During boot of my system (Debian Wheezy) k5start is invoked to supply a > ticket for accessing the AD DC by nslcd. However, during boot it fails: Do you have kdc entries explicitly listed in the appropriate [realms] section in your krb5.conf, or do you rel

Re: Cannot contact any KDC for realm

2014-10-24 Thread Russ Allbery
Lars Hanke writes: > During boot of my system (Debian Wheezy) k5start is invoked to supply a > ticket for accessing the AD DC by nslcd. However, during boot it fails: > k5start: error getting credentials: Cannot contact any KDC for realm > 'MY.AD.REALM' > If I restart k5start using the very s

Re: Cannot contact any KDC for realm

2014-10-24 Thread Brandon Allbery
On Fri, 2014-10-24 at 13:29 +0200, Lars Hanke wrote: > During boot of my system (Debian Wheezy) k5start is invoked to supply a > ticket for accessing the AD DC by nslcd. However, during boot it fails: > > k5start: error getting credentials: Cannot contact any KDC for realm > 'MY.AD.REALM' > > I

Re: Cannot contact any KDC for realm

2014-10-24 Thread Lars Hanke
>> During boot of my system (Debian Wheezy) k5start is invoked to supply a >> ticket for accessing the AD DC by nslcd. However, during boot it fails: Thanks for the answers. At least I interpreted the message correctly. I filed a bug to Debian already. > Do you have kdc entries explicitly listed