Questions tagged [kinit]
17 questions
15
votes
9 answers
Kinit Won't Connect to a Domain Server : Realm not local to KDC while getting initial credentials
I am setting up a testbed environment where Linux (Ubuntu 10.04) clients will authenticate to a Windows Server 2008 R2 Domain Server.
I am following the official Ubuntu guide to set up a Kerberos client here:…
Phanto
- 851
- 5
- 16
- 24
4
votes
0 answers
kinit to get TGT returns “KrbException: Identifier doesn't match expected value (906)” under Windows Server 2016 Active Directory + Kerberos + JDK8
Trying to make Windows Server 2016 Active Directory + Kerberos and Java OpenJDK 8 kinit to obtain a ticket-granting ticket returns KrbException: Identifier doesn't match expected value (906)
I have two Azure VMs, and I want to obtain a kinit…
Victor Polo De Gyves Montero
- 141
- 1
- 4
3
votes
2 answers
How to clear kerberos config
I am setting my machine as a kerberos client. I have a question on how the kerberos config file actually take effect and how to clear its effect. My experiment is as follow.
Step 1, without editing the /etc/krb5.conf file, I typed kinit and got what…
user2196452
- 245
- 1
- 3
- 9
3
votes
0 answers
kinit error: Realm not local to KDC, DC is in a subdomain
I have a user: oneuser@EXEMPLE.COM as principal and the next krb5.conf:
[libdefaults]
default_realm = EXEMPLE.COM
default_tkt_enctypes = arcfour-hmac-md5
default_tgs_enctypes = arcfour-hmac-md5
permitted_enctypes =…
CyberDracula
- 31
- 3
3
votes
0 answers
How to run kinit as root before automounting mutiuser cifs mounts?
Goal
I'm setting up multi-user CIFS mounts in an Active Directory environment under CentOS 8.2. The storage server supports SMB3.1.1 protocol.
Prerequisites
I could easily integrate the system to the Active Directory and I've edited SSSD…
MauvaisJoueur
- 31
- 3
2
votes
1 answer
kinit pre-authentication fails
I have a CentOS 6.4 that someone set up a while back.
The admin is not sure how he installed it, but it works very well with Kerberos.
I used authconfig to set the domain and the Kerberos settings.
I use ktpass on a windows domain controller and…
krb-admin
- 21
- 1
- 1
- 2
1
vote
1 answer
Windows kinit kerberos connection fails with ICMP Port Unreachable
I'm trying to connect to a kerberos server with a keytab:
kinit -k -t securitytest.keytab securitytest@RRRR.COM
Exception: ICMP Port Unreachable
java.net.PortUnreachableException: ICMP Port Unreachable
at…
obeliksz
- 183
- 1
- 12
1
vote
1 answer
How can I setup automatic renewal for Kerberos tickets and make the ticket life longer, in an OSX Server mail server
I have to renew tickets manually in my server terminal for users to have access to their mail accounts. I am using kerberos as a login authentication to access a local mail server. My local machine has a name of remote.X.pt and is providing mail to…
marafado88
- 372
- 2
- 8
- 27
1
vote
0 answers
Mysterious kinit-failure on Debian Jessie
I have a machine with the Samba 4 AD and the second as a client. After two days of good operation, suddenly the kinit stopped working on the client-side. The reason is quite mysterious. It cannot resolve the name of the server. It gets from…
Theodor Keinstein
- 181
- 1
- 11
1
vote
0 answers
Kerberos Service Principal not found in AD
I've got a strange problem with an Active Directory SPN Account.
This does not work:
kinit HTTP/my.host.com@MY.REALM
However, "setspn -l SA_MyUser" lists "HTTP/my.host.com" as registered service principal.
It has got to be a problem withthe AD…
Michael Böckling
- 301
- 3
- 15
1
vote
1 answer
Booting Debian5 (Lenny) on 2.6.16 Kernel
Due to a proprietary kernel module that I don't have the source to and is very picky about what kernel versions it will load into (even with modprobe --f), I find myself in need of running a 2.6.16.XX kernel on my Debian5 machine. The machine boots…
bk.
- 768
- 1
- 4
- 13
1
vote
1 answer
Microsoft Active Directory kerberos returns unknown principal
I m trying to authenticate the host for kbr5p nfs mount where Microsoft active directory is acting as the Kerberos server.
sudo kinit -k -t /etc/krb5.keytab host/ROBODAROBODA@EXAMPLE.COM
kinit: Client 'host/ROBODAROBODA@EXAMPLE.COM' not found in…
suresh
- 231
- 1
- 3
- 9
0
votes
1 answer
RHEL: Getting current kerberos/Kinit user ID after login?
I am connecting by SSH to a RHEL6 server.
When I SSH into the box, I am challenged for my linux username/password (which is a shared account)
username: mySharedLinuxUser
pass for mySharedLinuxUser: password123
then I am prompted again for my…
Paul
- 163
- 1
- 2
- 9
0
votes
1 answer
Linux ksu (kerberized super user) command fails to use cached service (host) tickets
Questions at the end
About my environment
I have tried in two different environments: (i) Linux Ubuntu 16.04LTS server enrolled in Active Directory (Microsoft) Domain and (ii) Linux Ubuntu 16.04LTS server enrolled in a FreeIPA Realm.
Krb5 binary…
Fabiano Tarlao
- 161
- 8
0
votes
2 answers
Restricting Kerberos Credential Cache to session
Currently we are using a very bad access model to our servers.
Every person logs in via ssh to the same unix user. We have several keytabs which are used by everyone and normally the same keytab is used. However sometimes someone needs to use one of…
Simon
- 21