Hello all,

Should it be possible to load the host service principal from /etc/krb5.keytab for the purpose of authenticating against an Active Directory server? That is, should I expect this to work?

    kinit -k host/[email protected]

I invariably receive the following error message:

    kinit(v5): Client not found in Kerberos database while getting initial credentials

Everything else seems to be working fine (I can kinit as a user, and those credentials are accepted for access to the server). The specified principal is listed by 'klist -k':

    KVNO Principal
    ---- --------------------------------------------------------------------------
       2 host/[email protected]
       2 host/[email protected]
       2 host/[email protected]
       2 host/[email protected]
       2 host/[email protected]
       2 host/[email protected]
       2 [email protected]
       2 [email protected]
       2 [email protected]

The error message suggests to me some sort of hostname mismatch somewhere, but DNS (forward and reverse), the system hostname, and the servicePrincipalNames in AD are all consistent.

The goal here is to be able to bind to an AD server using the stored host principal (rather than using shared credentials in /etc/ldap.conf, which seems to be the most common alternative to anonymous binds).

Thanks for your help!

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
