Hi, I have joined a HP-UX server to a Windows Server 2003 domain. Join and keytab creation were successful.
The keytab entries look like this: $ klist -ek Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/[email protected] (DES cbc mode with CRC-32) 2 host/[email protected] (DES cbc mode with RSA-MD5) 2 host/[email protected] (ArcFour with HMAC/md5) 2 host/[email protected] (DES cbc mode with CRC-32) 2 host/[email protected] (DES cbc mode with RSA-MD5) 2 host/[email protected] (ArcFour with HMAC/md5) 2 cifs/[email protected] (DES cbc mode with CRC-32) 2 cifs/[email protected] (DES cbc mode with RSA-MD5) 2 cifs/[email protected] (ArcFour with HMAC/md5) 2 cifs/[email protected] (DES cbc mode with CRC-32) 2 cifs/[email protected] (DES cbc mode with RSA-MD5) 2 cifs/[email protected] (ArcFour with HMAC/md5) 2 [email protected] (DES cbc mode with CRC-32) 2 [email protected] (DES cbc mode with RSA-MD5) 2 [email protected] (ArcFour with HMAC/md5) 2 HOST/[email protected] (DES cbc mode with CRC-32) 2 HOST/[email protected] (DES cbc mode with RSA-MD5) 2 HOST/[email protected] (ArcFour with HMAC/md5) 2 HOST/[email protected] (DES cbc mode with CRC-32) 2 HOST/[email protected] (DES cbc mode with RSA-MD5) 2 HOST/[email protected] (ArcFour with HMAC/md5) Now, when I issue a kinit -k it fails with: kinit(v5): Client not found in Kerberos database while getting initial credentials This is obviously correct since kinit uses the first entry to authenticate and the KDC knows the UPN [email protected] only. So, is this order correct? Shouldn't the real UPN be the first entry? What will happen when I will use a C-based GSS client acquiring default credential (GSS_C_NO_CREDENTIAL) with the keytab? Will it pick up the correct entry? My system: bash $ uname -a HP-UX hostname B.11.31 U ia64 1788107473 unlimited-user license bash $ net --version Version 3.4.3 based HP CIFS Server A.03.01.05 Thanks, Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
