Hi,
I hope I'm at the right place here for my issue.
This is the case:
On my MacBook (Mac OS X 10.11), I have a renewable Kerberos ticket:
---
macbook013:~ vm$ klist -v
Credentials cache: API:EF9959E6-85DF-446F-9B21-3CEEC606FA2D
Principal: v...@realm.com
Cache version: 0
S
Hi Everyone,
I am running into a strange problem. I cannot get a Kerberos ticket when
using a keytab, but for 1 specific user only:
This is the command I use:
> kinit perform-admin -kt .perform-admin.keytab
kinit: Preauthentication failed while getting initial credentials
Now if I do:
Is the KDC MIT? AD? Assuming MIT KDC:
use the kvno command to evaluate what the KDC thinks is current, vs klist
-kte .perform-admin.keytab
Verify the kvno (key version number) matches up from the keytab to what the
KDC states is the current version. Kinit as a working user first from the
cli, t
Hi Todd,
Thanks for answering. It's a Windows AD. I'm using ktutil to create the
keytab:
addent -password -p perform-admin -k 1 -e aes256-cts-hmac-sha1-96
I'll look into the kvno.
Thomas
From: Todd Grayson
Sent: Wednesday, October 26, 2016 2:48 P
No, in that case, forget the kvno, it is not going to come out correctly
that way.
It's for when you export the keytab from the KDC, in AD contexts like you
are describing it becomes an invalid data point.
On AD, verify the entry in the AD Users and Computers GUI, set the user
entry to allow AES-25