Hi,
Could you try the following commands and see what they return?
% klist -ke /etc/krb5.keytab
# klist -ke /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 host/<principal> (Triple DES cbc mode with HMAC/sha1)
3 host/<principal> (DES cbc mode with CRC-32)
3 nfs/<principal> (DES cbc mode with CRC-32)
#
The keytabs are genereated on a dedicated host and distributed via rsync. KDCs
are served by a Debian lenny box.
% kinit -k -t /etc/krb5.keytab<principal>
where<principal> is the principal that's stored in that keytab.
# kinit -k -t /etc/krb5.keytab <principal>
# echo $?
0
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <principal>
Valid starting Expires Service principal
01/13/11 08:58:40 01/13/11 18:58:40 krbtgt/<UX realm>@<UX realm>
renew until 01/14/11 08:58:40
Please note also that login succeeds if I use the password for a user principal in the UX
realm. Setting "default realm" to <UX realm> in krb5.conf, login succeeds via
gssapi.
ciao
Christian
PS: Thanks for your quick response, Russ!
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
