I was too quick. I get it to work with host/fqdn (e.g. kinit -kt /etc/krb5.keytab host/centos.dom.local) but not with HTTP/fqdn. I use AES-256 CTS mode with 96-bit SHA-1 HMAC.

klist -ekt /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 08/29/09 20:54:49 host/[email protected] (ArcFour with HMAC/md5)
   3 08/29/09 20:54:49 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   3 08/29/09 20:54:49 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)

klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/[email protected]

Valid starting     Expires            Service principal
08/29/09 21:48:32  08/30/09 07:47:42  krbtgt/[email protected]
        renew until 08/30/09 21:48:32, Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS mode with 96-bit SHA-1 HMAC

klist -ekt /etc/HTTP.keytab
Keytab name: FILE:/opt/squid-3.0/etc/HTTP.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 08/29/09 21:39:35 HTTP/[email protected] (ArcFour with HMAC/md5)
   2 08/29/09 21:39:35 HTTP/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   2 08/29/09 21:39:35 HTTP/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)

kinit -kt /etc/HTTP.keytab HTTP/centos.dom.local
kinit(v5): Preauthentication failed while getting initial credentials

Markus

"Markus Moeller" <[email protected]> wrote in message news:cf5a795e7b16440fa314ed54d5645...@vaiolaptop...
> Wolf-Agathon,
>
> I did export the keytab, but I found out the Hotfix 951191 was not
> installed on the 2008 DC.
>
> Markus
>
> ----- Original Message -----
> From: "Wolf-Agathon Schaly" <[email protected]>
> To: <[email protected]>; <[email protected]>
> Sent: Saturday, August 29, 2009 11:27 AM
> Subject: **SPAM ZEN 91.53.127.108** Aw: msktutil problem with Windows 2008
>
>> Howdy Markus
>>
>> Sounds to me that you're trying to use a keytab without exporting the key
>> to your keytab file test.keytab
>>
>> am I right ?
>>
>> cheers
>> Wolf-Agathon
>>
>> ----- Original Message ----
>> From: Markus Moeller <[email protected]>
>> To: [email protected]
>> Date: 29.08.2009 00:07
>> Subject: msktutil problem with Windows 2008
>>
>>> I use the latest msktutil (0.3.16-7) and can add an entry to Windows
>>> 2008, but when I run kinit -kt test.keytab HTTP/fqdn I get
>>> KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. Is there a setting in 2008 which needs
>>> to be changed ?
>>>
>>> Thank you
>>> Markus
>>>
>>> ________________________________________________
>>> Kerberos mailing list [email protected]
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
