Output of klist -kt is 
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example....@example.com
   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example....@example.com
   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example....@example.com
   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example....@example.com     From: 
Simo Sorce <s...@redhat.com>
 To: sipazzo <sipa...@yahoo.com> 
Cc: Freeipa-users <freeipa-users@redhat.com> 
 Sent: Tuesday, June 30, 2015 11:52 AM
 Subject: Re: [Freeipa-users] keytab issue with service principal
   
On Tue, 2015-06-30 at 18:44 +0000, sipazzo wrote:


> I am trying to troubleshoot kerberos authentication for an oracle service 
> (oracledb) and getting the following error when testing the service keytab on 
> the database server (oracledbsrvr):
> oracle@oracledbsrvr ~]# kinit -kt /opt/oracle/admin/oracledb.keytab -S 
> oracledb/oracledbsrvr.example.com
> kinit: Keytab contains no suitable keys for 
> host/oracledbsrvr.example....@example.com while getting initial credentials
> 
> 
> When I use a client program like sqlplus on the database server connecting as 
> a freeipa user with valid kerberos ticket it appears to work fine though. I 
> cannot get it working from a remote client however.  Is this error a red 
> herring or should I be concerned about this? kvno and klist show same number.

What's the output of klist -kt /opt/oracle/admin/oracledb.keytab ?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



  
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to