When you do: kinit -V HTTP/server.corp.comp....@corp.comp.com -k -t ~/svn_spn.keytab
...I think it should not prompt you for a password; I'll confirm that tomorrow in my setup (don't have access at the moment). We had some serious trouble with getting the keytab working, and in the end it turned out that there seems to be a problem with having multiple SPNs associated with the same Active Directory principal. I'm not sure if that's an AD limitation or a Kerberos quirk -- but we couldn't figure out how to clear out old associated SPNs, so in the end we had to create a new DNS name, new AD principal, new SPN... and then it started working. One other thing to check -- in your login.conf file, try using an absolute path for the "keyTab" option... not sure where it'd look if you just specify the filename. - Bill On Fri, Jun 4, 2010 at 4:24 PM, German <callme...@gmail.com> wrote: > We just tried: > > kinit HTTP/server.corp.comp....@corp.comp.com -V -t ~/svc_spn.keytab and > it asks for the password which if typed works ok, we also tried. > > kinit HTTP/server.corp.comp....@corp.comp.com -k -V -t ~/svc_spn.keytab > which responds with: > kinit(v5): Preauthentication failed while getting initial credentials > > which maybe just be that we are trying something we shouldn't > -- > You are currently subscribed to cas-user@lists.jasig.org as: > b...@counterpointconsulting.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Bill Markmann Counterpoint Consulting, Inc. (p) 571-338-2455 (f) 202-403-3425 (e) b...@counterpointconsulting.com (w) http://www.counterpointconsulting.com/ -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
