I'm on Ubuntu 22.04 which is joined to an Active Directory 2016 by sssd. I have access to several network ressources through kerberos: file shares, oracle and postgres databases. All is good. But I also want to be able access these ressources from a cron job.
I hope to be able to do that with a keytab and k5start. But I cannot get the keytab to work.
I detect the relevant kvno using
kinit -c filex
kvno -c filex krbtgt/XXX.LOCAL@XXX.LOCAL
It is 3. Then I create my keytab using ktutil (addent prompts for my password).
ktutil
addent -password -p yyy@XXX.LOCAL -k 3 -e aes256-cts
wkt ./yyy.keytab
quit
Testing the keytab with
kinit -c filex -k -t keytab yyy@XXX.LOCAL
results in
kinit: Preauthentication failed while getting initial credentials
Google tells me this means the password is incorrect, but it is not.
Am I doing anything wrong?