On 10/26/2011 1:51 PM, Greg Hudson wrote:
> On 10/26/2011 01:08 PM, fafaforza wrote:
>> # kprop -r JABBER.DOMAIN.NET -f DUMP.FILE -s /etc/krb5.jabber.keytab
>> -d kerberos-ha.domain.net
>> kprop: Client not found in Kerberos database while getting initial
>> ticket
> You didn't mention what version of Kerberos you're using. If it's MIT
> krb5 1.9.x, you can set KRB5_TRACE to a filename and get more
> information about what kprop is trying to do.
Using 1.6.3, and doesn't look like KRB6_TRACE was an option in that
release. But I'm too chicken to try an upgrade at this point :)
To add a bit of info, this is what I see in /var/log/krb5.log:
CLIENT_NOT_FOUND: host/[email protected] for
host/[email protected], Client not found in
Kerberos database
Trying to figure out the causality in the "host for host" part, but am
not sure.
--
Darek
>
> I would expect the client principal to be
> host/[email protected], which you say exists, so I'm
> not sure what the issue is. DNS configuration issues could cause the
> second component of that principal to be different, but I'd expect that
> to affect kprop attempts for the first realm as well.
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
