It is my bad. I think I did not enter the password correctly.I guess I have to type more slowly:). I wish ktutil can check the validity of password.
james From: [email protected] [mailto:[email protected]] On Behalf Of Wu, James C. Sent: Tuesday, May 07, 2013 11:15 AM To: [email protected] Subject: kinit with keytab failed Hi Guys, I am trying to get kinit with a keytab file working when using ApacheDS as Kerberos server. However I could not get it to work on both the same host of ApacheDS server and on the client. Ironically, I got different error message in the two cases. On the apacheDS host [cloud-user@n7-z01-0a2a0c3a ~]$ ktutil ktutil: addent -password -p [email protected]<mailto:[email protected]> -k 0 -e des-cbc-md5 Password for [email protected]<mailto:[email protected]>: ktutil: wkt temp.keytab ktutil: q [cloud-user@n7-z01-0a2a0c3a ~]$ kinit -k -t temp.keytab [email protected]<mailto:[email protected]> kinit: Generic preauthentication failure while getting initial credentials On the client host: [cloud-user@n7-z01-0a2a046d ~]$ ktutil ktutil: addent -password -p [email protected]<mailto:[email protected]> -k 0 -e des-cbc-md5 Password for [email protected]<mailto:[email protected]>: ktutil: wkt temp.keytab ktutil: q [FOO@n7-z01-0a2a046d ~]$ kinit -k -t ./temp.keytab [email protected]<mailto:[email protected]> kinit: Key table entry not found while getting initial credentials I looked at the configuration of the apacheds, des-cbc-md5 is one of the encryption types that it supports. Normal kinit [email protected]<mailto:[email protected]> works on both the apacheds host and the client. Regards, james James
