Douglas E. Engert wrote: > > > Wyllys Ingersoll wrote: >> Glenn Barry wrote: >>> Wyllys Ingersoll wrote: >>>> I am trying to test out the ability to get creds from a keytab for >>>> a non "host" credential. >>>> kinit -k -S _service_name_ is supposed to work, but it doesn't. >>>> >>>> Am I using this properly or is this a bug in kinit (or >>>> krb5_get_init_creds API) ? >>>> >>>> # kinit -k -S imap >>>> kinit(v5): Server not found in Kerberos database while getting >>>> initial credentials >>>> >>> how about adding the fqdn "kinit -k -S imap/fqdn" , try that yet? >> >> >> Tried that - no luck. > > You may have the give the client principal too as kinit will assume > the client is the one found in the cache, or derive from the $LOGNAME > > I bet in your case it is looking for root@<realm> > > On my workstaton > kinit -k -S LDAP/xxxx.anl.gov host/orleans.anl.gov > wrote the ticked to /tmp/krb5cc_0 > Yes, thanks. That worked.
-Wyllys
