f



"Key table entry not found while verifying ticket for server"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig07FDE7C699B5FF20AD258797
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Just added a new system tonight to our Kerberos realm, and was getting
the following error when ksu'ing:

"ksu: Key table entry not found while verifying ticket for server"

Tried Googling for the error to no avail; what is the meaning of this
error and how do I clear it?

Best Wishes - Peter
--=20
Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow"


--------------enig07FDE7C699B5FF20AD258797
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGtXWzPtVx9OgEjQgRAve6AJ97hWoo/FDyvCC27oHOamy1UiN6TQCfbcjm
8b550EYBPn8jKX8rHMDtmME=
=znqF
-----END PGP SIGNATURE-----

--------------enig07FDE7C699B5FF20AD258797--
0
8/5/2007 7:01:01 AM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
526 Views

Similar Articles

[PageSpeed] 0

Reply:

Similar Artilces:

ssh gssapi-with-mic and "Key table entry not found"
Hi, I'm trying to get ssh working using gssapi-with-mic authentication. I have about 40 machines running CentOS 5.7. (My bigger goal is to use NFSv4 mounts with "krb5p" security. All these machines mount the same NFSv4 share (think home directories) so my users need to be able to forward their TGT around.) What I'm ultimately running into is sshd complaining "Key table entry not found" on *most* of the servers---a random handful work, and I can't figure out how the working ones are different. So, here's an example: I'm trying to ssh from "lnxsvr3" to "lnxsvr11" using gssapi-with-mic authentication. Here's the output of trying to ssh: [matt@lnxsvr3 ~]$ ssh -v -o"PreferredAuthentications gssapi-with-mic" lnxsvr11 OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to lnxsvr11 [192.168.187.67] port 22. debug1: Connection established. debug1: identity file /mnt/home/matt/.ssh/identity type -1 debug1: identity file /mnt/home/matt/.ssh/id_rsa type 1 debug1: identity file /mnt/home/matt/.ssh/id_dsa type -1 debug1: loaded 3 keys debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version st...

Subject: Help needed on "Server not found in Kerberos Database" while using "mod_auth_kerb+Apache"
Hi, My Kerberos Setup is as follows- Kerberos v5 Server- example.domain.com (Linux Box) Kerberos Realm- EXAMPLE.COM Registered User on Kerberos realm- test@EXAMPLE.COM Apache Server(with mod_auth_kerb) can be accessed as: http://apache.domain.com (Linux Box) Now I have added a principal name- HTTP/apache.domain.com@EXAMPLE.COM using the addprinc command. I have generated a keytab file for this principal (using ktadd) and then transferred it to the Apache Server(apache.domain.com). I have pointed to this keytab file in ..htaccess file. Now when I try to access APACHE.DOMAIN.COM:80 through a browser(IE) running on my desktop say CLIENT1.DOMAIN.COM, and give the proper user credentials...it doesnt authenticate. When I look this up in the Kerberos log file (krb5kdc.log) it gives the following messages...for the event- Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): AS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.200.27: ISSUE: authtime 1089292954, etypes {rep=16 tkt=16 ses=16}, test@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime 1089292954, test@EXAMPLE.COM for krbtgt/REALM1.COM@EXAMPLE.COM, Server not found in Kerberos database Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime 1089292954, test@EXAMPLE.COM for krbtgt/COM@EXAMPLE.COM, Server not found i...

"@" entries and "" entries not transferring
Hi, primary master: $ORIGIN . $TTL 86400 ; 1 day mydomain.tld IN SOA whatever. admin.whatever. ( 2006072506 ; serial 28800 ; refresh (8 hours) 7200 ; retry (2 hours) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS whatever. NS whatever. MX 0 whatever. MX 10 whatever. $ORIGIN mydomain.tld. test A 192.168.0.100 @ A 192.168.0.100 www A 192.168.0.100 A 192.168.0.100 After transferring the zone to the secondary "@" and "" is lost: $ORIGIN . $TTL 86400 ; 1 day mydomain.tld IN SOA whatever. admin.whatever. ( 2006072506 ; serial 28800 ; refresh (8 hours) 7200 ; retry (2 hours) 604800 ; expire (1 week) 86400 ; minimum (1 day) ) NS whatever. NS whatever. MX 0 w...

"""""""""ADD ME""""""""""
Hi , Hope you are doing great. Please let me take this opportunity to introduce myself, Iam Karthik working with BhanInfoi Inc, a NY based company. We have consultants on our bench on various technologies, my request is to add me to your distribution list and kindly do send me the requirements. i have the below list available 1. Mainframe 2. Java 3.. Financial Analyst 4. Data Architect If there is any vendor ship agreement which has to be signed then I would like to take an opportunity to represent my company and expect your cooperation... ...

Urgent Requirement in """""""""""""NEW YORK""""""""""""""""
Hello Partners, Please find the requirement below. Please send the updated resume along with rate and contact no. REQ#1: Title : Java Developer ( Rating Project) Duration : 6 months Rate : open Location : NY strong java, WebLogic 9.2, Web Services, Oracle REQ#2: Title : Java Developer Duration : 4 months Rate : open Location : NY Strong java, SQL REQ#3: Title : VB.Net Consultant Location : NY Duration : 4 months Rate : open Primarily looking at someone who has Excel, VB.net and Oracle (good to have). Req #4: Title : Java Developer (MSA Project) Duration : 6+ months Rate : open Location : NY Note : Please send your updated resume along with contact no karthik@bhaninfo.com : No phone calls please. Thanks & Regards Karthik BhanInfo karthik@bhaninfo.com ...

"my" and "our"
Hi, while testing a program, I erroneously declared the same variable twice within a block, the first time with "my", the second time with "our": { my $fz = 'VTX_Link'; .... ( around 200 lines of code, all in the same block) our $fz = 'VTX_Linkset'; ... } So the initial contents of the $fz declared with "my" is lost, because "our" creates a lexical alias for the global $fz, thus overwriting the previous "my" declaration. It was my error, no question. But I wonder why Perl doesn't mention this - even with "use s...

"out" and "in out"
Hi i found the following explaination: In Ada, "in" parameters are similar to C++ const parameters. They are effectively read-only within the scope of the called subprogram. Ada "in out" parameters have a reliable initial value (that passed in from the calling subprogram) and may be modified within the scope of the called procedure. Ada "out" parameters have no reliable initial value, but are expected to be assigned a value within the called procedure. What does "have no reliable initial value" mean when considering the "out" parameter? By c...

"or" and "and"
Hi, I'm just getting to discover ruby, but I find it very nice programming language. I just still don't understand how the "or" and "and" in ruby... I was playing with ruby and for example made a def to print Stem and Leaf plot (for those who didn't have a statistics course or slept on it, e.g. http://cnx.org/content/m10157/latest/) Here is the Beta version of it: class Array def n ; self.size ; end def stem_and_leaf(st = 1) # if st != (2 or 5 or 10) then ; st = 1 ; end k = Hash.new(0) self.each {|x| k[x.to_f] += 1 } k = k.sort{|a, b| a[0].to_f <=&g...

about "++" and "--"
why this program snippet display "8,7,7,8,-7,-8" the program is: main() { int i=8; printf("%d\n%d\n%d\n%d\n%d\n%d\n",++i,--i,i++,i--,-i++,-i--); } > why this program snippet display "8,7,7,8,-7,-8" Ask your compiler-vendor because this result is IMHO implementation-defined. Check this out: http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.15 http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.16 Regards, Irina Marudina fxc123@gmail.com wrote: > why this program snippet display "8,7,7,8,-7,-8&q...

"/a" is not "/a" ?
Hi everybody, while testing a module today I stumbled on something that I can work around but I don't quite understand. >>> a = "a" >>> b = "a" >>> a == b True >>> a is b True >>> c = "/a" >>> d = "/a" >>> c == d True # all good so far >>> c is d False # eeeeek! Why c and d point to two different objects with an identical string content rather than the same object? Manu Emanuele D'Arrigo wrote: >>>> c = "/a" >>>&...

"If then; if then;" and "If then; if;"
I have a raw data set which is a hierarchical file: H 321 s. main st P Mary E 21 F P william m 23 M P Susan K 3 F H 324 S. Main St I use the folowing code to read the data to creat one observation per detail(P) record including hearder record(H): data test; infile 'C:\Documents and Settings\retain.txt'; retain Address; input type $1. @; if type='H' then input @3 Address $12.; if type='P' then input @3 Name $10. @13 Age 3. @16 Gender $1.; run; but the output is not what I want: 1 321 s. main H 2 321 s. main P Mary E 21 F 3 321 s...

why "::", not "."
Why does the method of modules use a dot, and the constants a double colon? e.g. Math::PI and Math.cos -- Posted via http://www.ruby-forum.com/. On Oct 26, 2010, at 01:48 , Oleg Igor wrote: > Why does the method of modules use a dot, and the constants a double > colon? > e.g. > Math::PI and Math.cos For the same reason why inner-classes/modules use double colon, because = they're constants and that's how you look up via constant namespace. Math::PI and ActiveRecord::Base are the same type of lookup... it is = just that Base is a module and PI is a float....

A problem about "[ ]" "( )" "="
I want to read several images saved in a director,and give them to I1,I2 ,I3....,using the following codes: filelist=dir(['c:\MATLAB701\work\...\*.jpg']); for i=1 :length(filelist) I=imread(fullfile('c:\MATLAB701\work\...',filelist(i).name)); end; but failed. Then I used I(i)=imread... ,still failed. How could I do? "John" <mailofww@126.com> wrote in message news:ef19e12.-1@webx.raydaftYaTP... >I want to read several images saved in a director,and give them to > I1,I2 ,I3....,using the following codes: > filelist=dir(['c:\MATLAB701\work\.....

"In" "Out" and "Trash"
I just bought a new computer and I re-installed Eudora Light on my new computer. But when I open Eudora, the "In", "Out" and "Trash" links are not on the left side of the screen the way they were on my old computer. How can I get these links back on the left side of the screen? Thank you. On 25 Mar 2007 09:49:22 -0700, "abx" <abfunex@yahoo.com> wrote: >I just bought a new computer and I re-installed Eudora Light on my new >computer. But when I open Eudora, the "In", "Out" and "Trash" links >are ...

Does it need a ";" at the very after of "if" and "for"
write code like: int main(void) { int a=10; if(a<20) {} } Compiler ok on dev-cpp . don't we have to add a ";" after if statement? marsarden said: > write code like: > > int main(void) > { > int a=10; > if(a<20) > {} > } > > Compiler ok on dev-cpp . don't we have to add a ";" after if > statement? The syntax for 'if' is: if(expression) statement There is no semicolon after the ) but before the statement. The statement is either a normal statement (which can be empty), ending in a semicolon:- if(expr) ...

Errors: "No current record" and "The search Key was not found in any record"
Hi I get the errors 1) No current record 2) The search Key was not found in any record while deleting data from a table it is a simple delete, as: delete from asd where record_time < 39585 or where record time > 39585 and < 39586 They result in the errors above, in the same order. Data is present in the table. What causes this? On May 29, 11:08=A0am, jodleren <sonn...@hot.ee> wrote: > Hi > > I get the errors > 1) No current record > 2) The search Key was not found in any record > > while deleting data from a table > > it is a simple delete, as: ...

Newbie: "Server not found in Kerberos database"
I am still in 'toy installation mode'. I have set up a KDC on a Linux machine, call it kervara.mygroup.org I have successfully set things up to the point that I can kinit from various clients. I have also set up OpenSSH 3.9p1 to use GSSAPI authentication. When I am logged into kervara, and have a valid TGT from this realm, I can successfully ssh into kervara.mygroup.org without a password; the keytab contains entries for the host/kervara.mygroup.org principal. This is the way things are supposed to work. Life is good. The problem comes when I attempt to do the same thing with the same version of OpenSSH built with the same options on a Solaris machine. In that case, the server logs a "Server not found in Kerberos database" message and gives up. I have looked at all the obvious candidates (wrong DNS entry, disagreement as to host name in /etc/hosts and DNS, etc) and come up empty. Unfortunately, the log messages do not tell me _what_ principal it was trying to find in krb5.keytab (I assume that this is where the mismatch or missing entry is). Is there a way to squeeze more diagnostic information? Or does this sound like a familiar problem? In article <d17eap$ejf$1@panix5.panix.com>, urban@panix.com (Michael Urban) wrote: .... > The problem comes when I attempt to do the same thing with the same > version of OpenSSH built with the same options on a Solaris machine. > In that case, the server logs a "Server not found in Kerberos ...

ORA-04031: unable to allocate 2097152 bytes of shared memory ("shared pool","unknown object","hash-join subh","QERHJ Hash Table Entries")
We getting the following error in our database: ORA-04031: unable to allocate 2097152 bytes of shared memory ("shared pool","unknown object","hash-join subh","QERHJ Hash Table Entries")" We have already tried the following: 1. Flushing shared pool 2. Bouncing db Bouncing does resolve the problem temporarily but then it comes back again? Size of the shared pool has been same throughtout but problem has started to appear recently. Any clues anyone? On Thu, 30 Aug 2007 05:55:19 -0000, purohitatul@gmail.com wrote: >We getting the following error...

error: ";" expected, "=" found.
Hey there, I been running some programs and saving some of my data, just by selecting the variables in the workspace and saving... However sometimes when i do this and try to reopen them, im given the error message: error: ";" expected, "=" found. and im unable to retrieve the data, any help please???? Ben Parslew wrote: > > Hey there, > > I been running some programs and saving some of my data, just by > selecting the variables in the workspace and saving... However > sometimes when i do this and try to reopen them, im given the error > message: ...

difference between "server" and "forwarders"
Hello, I didn't got the point from the docs. What's the difference between "server" and "forwarders" in bind 8 configuration file? The documentation gives: - forwarders: Specifies the IP addresses to be used for forwarding. The default is the empty list (no forwarding). - server: sets certain configuration options on a per-server basis As far as I understand I can define other DNS servers with "server" and also with "forwarders". In wich way should I define the providers DNS server for my local DNS server? With best regards Uwe Disch Uwe Disch <uwe.disch@gmx.net> wrote: > Hello, > I didn't got the point from the docs. What's the > difference between "server" and "forwarders" in bind 8 > configuration file? > The documentation gives: > - forwarders: Specifies the IP addresses to be used for > forwarding. The default is the empty list > (no forwarding). > - server: sets certain configuration options on a > per-server basis > As far as I understand I can define other DNS servers > with "server" and also with "forwarders". > In wich way should I define the providers DNS server > for my local DNS server? You might use "server" to designate a particular server as "bogus" or you might indicate a symmetr...

"value" to find a "key"
Is there such a "Map" in java I can easily trace the key by its value, assuming the values are also unique ? John, John wrote: > > Is there such a "Map" in java I can easily trace the key by its value, > assuming the values are also unique ? Not that I know of. You could always use two Maps, one for name-to-phone and the other for phone-to-name. If you happen to know *for certain* that names and numbers are never alike, you could use a single Map and enter each item twice, once as name-and-phone and once as phone-and-name. -- Eric.Sosman@sun.com ...

How to verify it is "Real" or "Complex"
Hellow! I have the following matrix, all the variables are symbolic variable, are there any way to verify the determiant is real or complex? Thanks! MM(1,1)=ro*w^2+k^2*(yita^2*c55+2*c51*yita*sqrt(-1)-c11); MM(1,2)=k^2*(yita^2*c55+(c13*yita+c55*yita)*sqrt(-1)-c51); MM(1,3)=k^2*(yita^2*e35+(e31*yita+e15*yita)*sqrt(-1)-e11); MM(2,1)=k^2*(yita^2*c53+(c55*yita+c13*yita)*sqrt(-1)-c51); MM(2,2)=ro*w^2+k^2*(yita^2*c33+2*c53*yita*sqrt(-1)-c55); MM(2,3)=k^2*(yita^2*e33+(e35*yita+e13*yita)*sqrt(-1)-e15); MM(3,1)=yita^2*e35+(e31*yita+e15*yita)*sqrt(-1)-e11; MM(3,2)=yita^2*e33+(e35*yita+e13*yita)*sqrt(-1)...

"i" returns "obj not found"
Hi all, I am using vxWorks 5.5.2, diab compiler on ppc platform (mpc8560). I have a quite complex network application that crashes with a strange symptom: when I connect using the console, after a short period perfectly working, the "i" command issues the "obj not found" error and won't show the task list. Notice that initially, the command works perfectly. After this error, the device stays up for a while, apparently working, then suddenly it crashes without an exception or other clues that could help me understand the problem. I have observed that while "i"...

Urgent JAVA Requirement in """"""NEW YORK"""""""""
Hello Partners, How are you ? Please find the requirement below. Location : NY Duration : 8 mnths Rate :Open Job description: Java/J2EE Web Service Developer =B7 (4+ years of application development experience in Java/J2EE and Web service technologies. =B7 Experience with spring & Hibernate. =B7 Experience with J2EE Application Server (preferably Web logic). =B7 Preferable Aqua logic DSP Experience =B7 Preferable Sonic ESB Composite Service experience Experience w...

Web resources about - "Key table entry not found while verifying ticket for server" - comp.protocols.kerberos

Resources last updated: 3/10/2016 2:04:51 PM