f



kinit: KRB5 error code 52 while getting initial credentials

I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error c=
ode 52 while getting initial credentials=20
=20
So far my analysis shows this error to indicate the following: 0x34 - KRB_E=
RR_RESPONSE_TOO_BIG - Too much data=20
=20
According to a number of forums, some inheriant limitations exist with the =
Solaris 8 version of Kerberos concerning the number of group memberships a =
user may have.  In my Active Directory, each user is a member of possibly m=
any groups.  To confirm this, I created a simple user with only membership =
to "Domain Users" and was able to run kinit without issue.
Also, I seen a number of forums reporting that the native version of Kerber=
os in Solaris 8 does not support TCP.  Apparently by default, once the pack=
age size of a Kerberos ticket reaches a specified max, TCP should be used.
=20
I have the following Kerberos packages loaded: SUNWk5pk        kernel Kerbe=
ros V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx       kernel Kerberos V5 p=
lug-in w/auth+privacy (64-bit) SUNWk5pu        user Kerberos V5 gss mechani=
sm w/auth+privacy (32-bit) SUNWk5pux       user Kerberos V5 gss mechanism w=
/auth+privacy (64-bit)=20
=20
Are updated packages for Kerberos available for Solaris 8 environments that=
 can handle support for Kerberos over TCP and having a large number of grou=
p memberships?
_________________________________________________________________
Local listings, incredible imagery, and driving directions - all in one pla=
ce! Find it!
http://maps.live.com/?wip=3D69&FORM=3DMGAC01=
0
rfbass16 (4)
7/4/2007 5:56:56 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
497 Views

Similar Articles

[PageSpeed] 37

Reply:

Similar Artilces:

error : kinit(v5) : KRB5 error code 52 while getting initial credentials
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com). since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy) [domain_realm] xx.com = XX.COM ..xx.com = XX.COM co.yy = XX.COM ..co.yy = XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped it to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this error.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version. Thanks in advance Sunil C Sunil Chandrasekharan wrote: > Hello all, > i am Sunil C. i have a domain named...

RE: kinit: KRB5 error code 52 while getting initial credentials
Thanks for the update Will. I'll look into Solaris 10...> Date: Mon, 9 Jul= 2007 15:43:48 -0500> From: William.Fiveash@sun.com> To: rfbass16@hotmail.c= om> CC: kerberos@mit.edu> Subject: Re: kinit: KRB5 error code 52 while gett= ing initial credentials> > On Wed, Jul 04, 2007 at 05:56:56PM +0000, Ron Ba= ss II wrote:> > > > I'm getting the following error on a Solaris 8 machine:= kinit: KRB5> > error code 52 while getting initial credentials > > > > So = far my analysis shows this error to indicate the following: 0x34 -> > KRB_E= RR_RESPONSE_TOO_BIG - Too much data > > > > According to a number of forums= , some inheriant limitations exist with> > the Solaris 8 version of Kerbero= s concerning the number of group> > memberships a user may have. In my Acti= ve Directory, each user is a> > member of possibly many groups. To confirm = this, I created a simple> > user with only membership to "Domain Users" and= was able to run kinit> > without issue. Also, I seen a number of forums re= porting that the> > native version of Kerberos in Solaris 8 does not suppor= t TCP.> > Apparently by default, once the package size of a Kerberos ticket= > > reaches a specified max, TCP should be used.> > Support for TCP in Sola= ris Kerberos was introduced in Solaris 10.> > > I have the following Kerber= os packages loaded: SUNWk5pk kernel> ...

kinit: KRB5 error code 52 while getting initial credentials #2
I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data According to a number of forums, some inheriant limitations exist with the Solaris 8 version of Kerberos concerning the number of group memberships a user may have. In my Active Directory, each user is a member of possibly many groups. To confirm this, I created a simple user with only membership to "Domain Users" and was able to run kinit without issue. Also, I seen a number of forums reporting that the native version of Kerberos in Solaris 8 does not support TCP. Apparently by default, once the package size of a Kerberos ticket reaches a specified max, TCP should be used. I have the following Kerberos packages loaded: SUNWk5pk kernel Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu user Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux user Kerberos V5 gss mechanism w/auth+privacy (64-bit) Are updated packages for Kerberos available for Solaris 8 environments that can handle support for Kerberos over TCP and having a large number of group memberships? _________________________________________________________________ Local listings, incredible imagery, and driving directions - all in one place! Find it! http://maps.live.com/...

RE: kinit: KRB5 error code 52 while getting initial credentials #2
Any chance the Kerberos libs from Solaris 10 can port back to Solaris 8? So= me limitations have arisen such that an upgrade to Solaris 10 is not possi= ble yet. Is there any way to patch the Solaris 8 Kerberos??? =20 Thanks Ron > Date: Wed, 11 Jul 2007 11:42:49 -0500> From: William.Fiveash@sun.com> To:= rfbass16@hotmail.com> CC: William.Fiveash@sun.com; kerberos@mit.edu> Subje= ct: Re: kinit: KRB5 error code 52 while getting initial credentials> > On W= ed, Jul 11, 2007 at 01:10:19AM +0000, Ron Bass II wrote:> > > > Thanks for = the update Will. I'll look into Solaris 10...> > Note that there have been = a number of updates (some security related)> released for Solaris 10 so mak= e sure you get the latest bits.> > -- > Will Fiveash> Sun Microsystems Inc.= > Austin, TX, USA (TZ=3DCST6CDT) _________________________________________________________________ Local listings, incredible imagery, and driving directions - all in one pla= ce! Find it! http://maps.live.com/?wip=3D69&FORM=3DMGAC01= ...

KRB5 error code 52 while getting initial credentials
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com) since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy) [domain_realm] xx.com = XX.COM ..xx.com = XX.COM co.yy = XX.COM ..co.yy = XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped it to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this erro.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version. Thanks Sunil C ---------------------------- In article <mailman.115.1197917539.11331.kerberos@mit.edu>,...

KRB5 error code 52 while getting initial credentials #2
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it.=20 users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com) since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy)=20 [domain_realm] xx.com =3D XX.COM ..xx.com =3D XX.COM co.yy =3D XX.COM ..co.yy =3D XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped i= t to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this erro.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version= .. Thanks Sunil C ---------------------------- In article , sunilcnair wrote: > This is Su...

kinit(v5): KRB5 error code 68 while getting initial credentials
I have a huge Problem. Im trying to install a SSO for our Intranet-Webserver (Apache 2.0.55) on a SuSE Linux 10.0. Ist running very fine. But we have some Computers, which are NOT Part of the Active Directory Domain, so there the sso doesnt work. If the paste their Usernames into the Auth-Box (firstname.lastname@persona.de) it doesnt work. But the Useraccount exists in the AD. If they paste the real username (e.g. firstname.lastname@KONZERN.INTERN) it works fine. The problem: The user dont Know his real AD-Name. He knows just hier emailadress (firstname.lastname@persona.de) Anyone a solution? My krb5.conf "[libdefaults] default_realm = KONZERN.INTERN clockskew = 300 [realms] KONZERN.INTERN = { kdc = w2kroot.konzern.intern default_domain = konzern.intern admin_server = w2kroot } persona.de = { kdc = w2kroot.konzern.intern default_domain = konzern.intern admin_server = w2kroot } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .konzern.intern = KONZERN.INTERN [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 ...

kerberos and Windows 2008R2
Hello Kerberos List, I'm trying to set a Kerberos ticket between a Unix and a Windows 2008 R2 se= rver. I've created a user on windows and used the ktpass to generate the Kerberos= keytab: C:\Windows\System32\ktpass princ host/jc1lqaldap.testdomain.com@TESTDOMAIN.= COM mapuser TESTDOMAIN\host_jc1lqaldap -crypto DES-CBC-MD5 -pass * -ptype K= RB5_NT_PRINCIPAL out c:\nis_data\host_jc1lqaldap.keytab I did make sure that "User Kerberos DES encryption types for this account" = was checked. First I was getting: root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host= /jc1lqaldap.testdomain.com kinit: KDC has no support for encryption type while getting initial credent= ials So I've checked "Do not require Kerberos preauthentication" and I get: root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host= /jc1lqaldap.testdomain.com kinit: Key table entry not found while getting initial credentials Where should that key table entry be located ? I cannot go forward with this. Is there a way to get more verbose logging s= o I can troubleshoot this. Klist root@jc1lqaldap:/etc# klist -ke -t /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- ----------------------------------------------------= ---- 12 12/31/69 19:00:00 host/jc1lqaldap.testdomain.com@TESTDOMAIN.COM (DES c= bc mode with RSA-MD5) Cat /etc/krb5.conf [logging] default =3D FILE...

permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error (see e-text) while getting initial credentials'
I have this in my Suse 11.3 /etc/krb.conf for libdefaults: allow_weak_crypto = true # permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96" permitted_enctypes = "des-cbc-crc" Now if I try to kinit I get this error: kinit kinit: Generic error (see e-text) while getting initial credentials Why? Wendy ...

KRB5 error code 52
Kerberos experts, I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try they fail the login with the "KRB5 error code 52" error. I read that this has something to do with UDP packet size and to try TCP. Is there a way in SEAM to have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was hoping there was a configuration parameter in krb5.conf. thanks, Tyson Oswald ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Tyson, I assume you use a Windows kdc and experience the pac field problem. There is now a patch for w2k and w2k3 to stop the creation of the pac field, which might help. Regards Markus "Tyson Oswald" <oswaldt@ameritech.net> wrote in message news:20041005182618.82769.qmail@web81508.mail.yahoo.com... > Kerberos experts, > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When > others try they fail the login with the "KRB5 error code 52" error. I > read that this has something to do with UDP packet size and to try TCP. > Is there a way in SEAM to have it use TCP rather then UDP, or to try UDP > then TCP is that fails? I was hoping there was a configuration parameter > in krb5.conf. > > thanks, > Tyson Oswald > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https...

Re: KRB5 error code 52
SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP Hooshang > Kerberos experts, > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try > they fail the login with the "KRB5 error code 52" error. I read that this has > something to do with UDP packet size and to try TCP. Is there a way in SEAM to > have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was > hoping there was a configuration parameter in krb5.conf. > > thanks, > Tyson Oswald > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos So what is the MaxTokenSize in SEAM, I just got a formula from MS on what they use for 2003. Also we don't have this issue in SEAM for Solaris 8 so what's different? thanks, Tyson Oswald h.dadgari@comcast.net wrote in message news:<100520041836.10730.4162E9A70001ACE5000029EA2200750784079D0E090B0E0BD208@comcast.net>... > SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP > > Hooshang > > > > Kerberos experts, > > > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try > > they fail the login with the ...

kinit: Preauthentication failed while getting initial credentials
Hola, estoy intentando conectarme desde Ubuntu (Kerberos) a un drectorio activo (Windows 2008) , pero tengo problemas. Datos Tecnicos: Dominio: NAME1.NAME2.COM Mi krb5.conf default =3D FILE:/var/log/krb5lib.log [libdefaults] ticket_lifetime =3D 24000 default_realm =3D NAME1.NAME2.COM [realms] NAME1.NAME2.COM =3D { kdc =3D dcwindows admin_server =3D dcwindows default_domain =3D NAME1.NAME2.COM } [domain_realm] ..name1.name2.com =3D NAME1.NAME2.COM name1.name2.com =3D NAME1.NAME2.COM Cuando intento hacer: kinit -V Administrador@NAME1.NAME2.COM e ingreso la contrase=F1a correctamente me arroja: kinit: Preauthentication failed while getting initial credentials Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente desde otro CD, no se si el problema es el Windows o la configuracion del Kerberos. Saludos. 2011/5/19 JODACAME <jodacame@gmail.com>: > Cuando intento hacer: > kinit -V Administrador@NAME1.NAME2.COM > e ingreso la contraseña correctamente me arroja: > > kinit: Preauthentication failed while getting initial credentials > > > Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente > desde otro CD, no se si el problema es el Windows o la configuracion > del Kerberos. Acaso re-instalaste y _re-creaste_ el dominio de Active Directory? Podés re-instalar, pero tenés que recuperar los datos del dominio de tus backups. Nico -- Hello. Are you sure that the admin user isn't called administ...

Kerberos error: Unknown code krb5 195
Hello group! I am new to this group and topic. I have been using pine as my primary email client for long, and never noticed the role of kerberos in the play. Until recently, on a newly installed Redhat EL5 server, when I open pine configured to connect to our Exchange 2007 server, I got: Kerberos error: Unknown code krb5 195 (try running kinit) for some.emailserver.edu I then did kinit >kinit >kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials What does this tell me and how do I shoot this problem? Thanks, Jindan Jindan Zhou <jindan@gmail.com> writes: > I then did kinit >>kinit >>kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials > What does this tell me and how do I shoot this problem? Usually it means you either don't have an /etc/krb5.conf file or it's incorrect or doesn't include your realm information. It can mean various other things too (DNS problems, for instance), but krb5.conf is the first place to look. -- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/> On Nov 5, 4:44 am, Russ Allbery <r...@stanford.edu> wrote: > Jindan Zhou <jin...@gmail.com> writes: > > I then did kinit > >>kinit > >>kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials > > What does this tell me and how do I sho...

Kerberos error 52 (0x34) when using kinit
Hello All, I'm getting the above error when I try to get the initial ticket using kinit. The KDC is Windows 2003 and the client is running on linux. My understanding of kerberos and the KDC in particular is that if the KDC can't send the response back via UDP it will switch over to TCP. My question is this: Does the client need to programmactically take an action if it recieves this error or will this be taken care of "under the hood"? Also the client side (linux), is there a way to force the communication to occur using TCP? TIA, Bruce E. Wells ------------------------------------------------------------------------ ------------------------- ------------------------- CONFIDENTIALITY AND SECURITY NOTICE This e-mail contains information that may be confidential and proprietary. It is to be read and used solely by the intended recipient(s). Citadel and its affiliates retain all proprietary rights they may have in the information. If you are not an intended recipient, please notify us immediately either by reply e-mail or by telephone at 312-395-2100 and delete this e-mail (including any attachments hereto) immediately without reading, disseminating, distributing or copying. We cannot give any assurances that this e-mail and any attachments are free of viruses and other harmful code. Citadel reserves the right to monitor, intercept and block all communications involving its computer systems. _______________________________________...

RE: Kerberos error 52 (0x34) when using kinit
Hello Douglas, Thanx for the response. I'll get the latest version from MIT and try again. Regards, Bruce. -----Original Message----- From: Douglas E. Engert [mailto:deengert@anl.gov] Sent: Friday, December 10, 2004 8:57 AM To: Wells, Bruce Cc: kerberos@mit.edu Subject: Re: Kerberos error 52 (0x34) when using kinit Wells, Bruce wrote: > Hello All, > I'm getting the above error when I try to get the initial ticket using > kinit. The KDC is Windows 2003 and the client is running on linux. My > understanding of kerberos and the KDC in particular is that if the KDC > can't send the response back via UDP it will switch over to TCP. My > question is this: Does the client need to programmactically take an > action if it recieves this error or will this be taken care of "under > the hood"? Also the client side (linux), is there a way to force the > communication to occur using TCP? Depends on the release of the Kerberos. MIT 1.2.x did not support TCP, 1.3.x does. Its a recent addition to Java as well. Theylibs wil switch as needed. The krb5.conf [libdefaults] udp_preference_limit = nnn can be used to tell the client to use TCP if the message is over nnn bytes. Setting to 1 in effect says try TCP first. The problem is the ticket is large due to the PAC being included from AD. (IIRC) W2003 servers have a lower cut over size then W2000 servers. > > TIA, > Bruce E. Wells > > -----------------------------...

kinit: Cannot contact any KDC for requested realm while getting initial credentials
Hi, I am having problems with using kinit, with keytab and username/password. When issuing the kinit command I get the following error: kinit: Cannot contact any KDC for requested realm while getting initial credentials There is a firewall between the webservers where I issue the command from and the domain controller. The webservers are able to connect to the domain controller on port 88 over UDP. The webservers are able to resolve themselves and the domain controller, both forward and reverse lookup. Do any of you guys out there have an idea of what is going wrong? Many thanks, Celia ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

kinit: Key table entry not found while getting initial credentials
Hi Kerberos experts, could anyone help me in addressing this issue since I am a T-O-T-A-L newbie in Kerberos. I have to retrieve kerberos credential in Solaris 5.8 (SEAM 1.0.1) using a windows2003 Active Directory as KDC, and I am compelled to use the credential of a user different from Solaris' user. Let's say I work with user appadm on Solaris and user domuser@resource.corp in AD. AD administrator generated a keytab for my Solaris user in this way: Ktpass -princ kerberos/domuser.resource.corp@RESOURCE.CORP -mapuser domuser -pass [passwd of domuser] -out domuser.keytab and gave me the domuser.keytab file. I configured krb5.conf and stored the content of this keytab file in /etc/krb5/krb5.keytab via ktutil: ktutil: rkt domuser.keytab ktutil: l slot KVNO Principal ---- ---- -------------------------------------------------------------------------- 1 4 kerberos/domuser.resource.corp@RESOURCE.CORP ktutil: wkt /etc/krb5/krb5.keytab ktutil: q Now I think my krb5.conf is correct since I am able to get a TGT via kinit in this way: kinit kerberos/domuser.resource.corp@RESOURCE.CORP then I enter domuser's password and with klist I can see the TGT. But I need to obtain the credentials without entering a password since the kinit command has to be put in the startup script of an application. So I tried this: appadm 99% kinit -k kerberos/domuser.resource.corp@RESOURCE.CORP kinit: Key table entry not found while getting initial credentials :-S ...nothing us...

newbie: error getting credentials: Server not found in Kerberos database
Hi! I never found the time to deal intensively with kerberos so please indulge me if this is ought to be a stupid question: kinit works. krsh does not: krsh server error getting credentials: Server not found in Kerberos database trying normal rlogin (/usr/bin/rlogin) So, this is what I did so far: server: /etc/krb5.conf: [libdefaults] default_realm = LOCALDOMAIN [realms] LOCALDOMAIN = { kdc = server.localdomain:88 admin_server = server.localdomain:750 } [domain_realm] .localdomain = LOCALDOMAIN localdomain = LOCALDOMAIN [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log /etc/hosts: 127.0.0.1 localhost 192.168.0.2 server server.localdomain real hostname is actually *not* "server"! kadmin.local: addprinc foo client: /etc/krb5.conf [libdefaults] ticket_lifetime = 600 default_realm = LOCALDOMAIN default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc [realms] LOCALDOMAIN = { kdc = server.localdomain:88 admin_server = server.localdomain:750 } [domain_realm] .localdomain = LOCALDOMAIN localdomain = LOCALDOMAIN [kdc] profile = /etc/krb5kdc/kdc.conf [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FI...

kinit: Key table entry not found while getting initial credentials #2
Hello newsgroup, We followed the instructions on http://grolmsnet.de/kerbtut/ kinit -k -t /etc/apache2/httpotrskeytab OTRS/ server.test.local@TEST.LOCAL produces the following error: kinit: Key table entry not found while getting initial credentials we are using mit kerberos 1.9.1 on sles10 we created the keytabfile on windows 2008 r2 server with the following command: ktpass -princ OTRS/server.test.local@TEST.LOCAL -mapuser httpotrs@TEST.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass secretpassword -out c:\temp\httpotrskeytab we copied the file to the linux server to /etc/apache2 directory manual ticket creation works fine: server:/ # kinit OTRS/server.test.local Password for OTRS/server.test.local@TEST.LOCAL: server:/ # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: OTRS/server.test.local@TEST.LOCAL Valid starting Expires Service principal 06/07/11 13:40:15 06/07/11 23:40:15 krbtgt/TEST.LOCAL@TEST.LOCAL renew until 06/08/11 13:40:15 server:/ # kvno OTRS/server.test.local@TEST.LOCAL OTRS/server.test.local@TEST.LOCAL: kvno =3D 11 any ideas what went wrong with our installation? G=FCnter g� <guenter.huerkamp@gmail.com> writes: > Hello newsgroup, > > We followed the instructions on http://grolmsnet.de/kerbtut/ > > > kinit -k -t /etc/apache2/httpotrskeytab OTRS/ > server.test.local@TEST.LOCAL > produces the following error: > kinit: Key table entry not found while getting initial credenti...

KRB5 error code 52 on Unix with MIT Kerberos5 -> Active Directory
All, I read this error to be a UDP packet size problem and that I need to force my unix clients to swtich to TCP to authenticate against our Active Directory. I couldn't find any information as how I can get the Unix version of MIT Kerb5. to do this.. Can anyone point me in the right direction? Thanks! ...

kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
Hi! I have set up a kerberos server srv.example.com. This server has address 192.168.180.30. Address resolution works fine on the server and client: srv.example.com: # host srv srv.example.com has address 192.168.180.30 # host 192.168.180.30 30.180.168.192.in-addr.arpa domain name pointer srv.example.com. # host client client.example.com has address 192.168.180.6 # host 192.168.180.6 6.180.168.192.in-addr.arpa domain name pointer client.example.com # client.example.com: # host srv srv.example.com has address 192.168.180.30 # host 192.168.180.30 30.180.168.192.in-addr.arpa domain name pointer srv.example.com. # host client client.example.com has address 192.168.180.6 # host 192.168.180.6 6.180.168.192.in-addr.arpa domain name pointer client.example.com # Now from the server: # kinit user kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials and from the client: # kinit user kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials I am a bit lost what's going on here. In /etc/krb5.conf I have: [libdefaults] default_realm = EXAMPLE.COM dns_lookup_kdc = true dns_lookup_realm = true # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] EXAMPLE.COM = { k...

How to get the error message rather than the code error
Hi, After sending a request, I would get the possible error message. Not the code @@error, nor the exact content of sysmessages, but the message like it could be in the log file. TIA, TSalm TSalm (tsalm@free.fr) writes: > After sending a request, I would get the possible error message. > Not the code @@error, nor the exact content of sysmessages, but the > message like it could be in the log file. "Sending a request", that sounds like you are issuing a call from a client program. In that case you should be able to pick up the error message. If you tell which client API...

AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Hi list, kinit (krb5 1.4.2) on an AIX 5.3 gives me # /usr/local/bin/kinit -k -t foobar.keytab foobar/foo.example.net@EXAMPLE.NET kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials From a working Linux krb5 1.4.2 installation I copied /etc/krb5.conf and foobar.keytab to AIX 5.3. The following steps don't defer to the steps I did under Linux. # ./configure --without-krb4 --enable-shared # make && make install Using gcc 3.3.2. I found a patch for krb5 1.4.1 for AIX 5.2 from Ken Raeburn, but as far as I see it is fixed in 1.4.2. My krb5.conf looks like this: [libdefaults] default_realm = EXAMPLE.NET clockskew = 300 [realms] EXAMPLE.NET = { kdc = foo.example.net:88 admin_server = foo.example.net:749 default_domain = example.net kpasswd_server = foo.example.net } [domain_realm] .example.net = EXAMPLE.NET example.net = EXAMPLE.NET [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } Trying to analyze with tcpdump I s...

Re: AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Christopher, I had the exact same problem. I was given 2 patches for KRB 1.4.1 and it fixed the problem. I applied the patches to my 1.4.2 source and the problem is resolved there too. Here are the patches: DNSGLUE.C Patch: *** ./src/lib/krb5/os/dnsglue.c.orig Fri Jan 14 17:10:53 2005 --- ./src/lib/krb5/os/dnsglue.c Thu May 5 11:39:52 2005 *************** *** 62,68 **** --- 62,76 ---- char *host, int nclass, int ntype) { #if HAVE_RES_NSEARCH + #ifndef LANL struct __res_state statbuf; + #else /* LANL */ + #ifndef _AIX + struct __res_state statbuf; + #else /* _AIX */ + struct { struct __res_state s; char pad[1024]; } statbuf; + #endif /* AIX */ + #endif /* LANL */ #endif struct krb5int_dns_state *ds; int len, ret; LOCATE_KDC.C Patch: >*** ./src/lib/krb5/os/locate_kdc.c.orig Thu May 5 08:06:45 2005 >--- ./src/lib/krb5/os/locate_kdc.c Thu May 5 11:34:27 2005 >*************** >*** 267,275 **** >--- 267,283 ---- > memset(&hint, 0, sizeof(hint)); > hint.ai_family = family; > hint.ai_socktype = socktype; >+ #ifndef LANL > #ifdef AI_NUMERICSERV > hint.ai_flags = AI_NUMERICSERV; > #endif >+ #else /* LANL */ >+ #ifndef _AIX >+ #ifdef AI_NUMERICSERV >+ hint.ai_flags = AI_NUMERICSERV; >+ #endif >+ #endif /* _AIX */ >+ #endif /* LANL */ > sprintf(portbuf, "%d", ntohs(port)); > sprintf(s...

Web resources about - kinit: KRB5 error code 52 while getting initial credentials - comp.protocols.kerberos

Credential Recordings - Wikipedia, the free encyclopedia
Credential Recordings is a Nashville-based record label , focusing generally on the pop rock genre. It began branching out when it agreed on ...

GraphicMail, Janrain Engage Enable Email Newsletter Signup Via Facebook Credentials
... Janrain Engage to its clients’ customizable newsletter signup forms, allowing them to sign in with their Facebook account information, or credentials ...

Discussion of credentials of Maajid Nawaz - Quilliam - YouTube
Glenn Beck discusses the background of Quilliam Chairman Maajid Nawaz on Fox News - The Daily Beck.

Christos Kyrgios has ATP credentials revoked, forced to buy ticket to watch his brother Nick Kyrgios ...
Christos Kyrgios has had his ATP credentials revoked, denied entry to watch his brother Nick in his first round match at the Cincinnati Masters ...

John I Dent Cup: Wests show premiership credentials with entertaining 40-31 win against Royals
Wests showed they can't be discounted as a John I Dent Cup premiership threat on Saturday.

Facebook attacked with credential-harvesting malware - MediaFire, applications, Data Protection - Social ...
Dorkbot variant infection unusual because the criminals exploited a flaw in the file-sharing site MediaFire to spread the malware

Boland pushes Test credentials with five-for
SCOTT Boland rammed home his Test credentials with a five-wicket haul as Victoria put the markers down for a run away Sheffield Shield lead against ...

Obama mocks Romney military credentials
Sky News is Australia's leader in 24-hour news. Barack Obama has aimed to belittle rival Mitt Romney's commander-in-chief credentials, accusing ...

Newly discovered Mac malware tarnishes Apple's security credentials
Apple prides itself on producing more secure gadgets than rivals, but these latest bugs may have iFans worried.

Top AFL draft prospect Christian Petracca proves his midfield credentials
You might already know Christian Petracca. If you like football, like coffee and like to grab one inside the MCG then there's a very good chance ...

Resources last updated: 3/10/2016 2:06:13 PM