> It's attempting to verify the credentials against a host keytab and can't > find the Kerberos realm for the host. You can probably fix this by adding > an appropriate mapping to the [domain_realm] section of your krb5.conf. > > The domain_realm section of my krb5.conf looks like this: [domain_realm] .ad.engr.uconn.edu = AD.ENGR.UCONN.EDU ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
AD.ENGR.UCONN.EDU should be my kerberos realm. Perhaps the fact that I have a different domain (for NIS) in /etc/domainname creates a problem? > It's not necessary. The default behavior is to skip the check if you have > no krb5.keytab file or if it contains no usable keys. However, the > authentication will fail if it can't get even that far due to some other > more basic problem, such as not being able to figure out the realm of the > host. > That's good. I am not sure why it cannot figure out the realm though. In fact, if I just type "kinit username" it prompts me for the password for "[EMAIL PROTECTED]" Perhaps it would be worthwhile to try identical steps in Debian Sarge? (I'm not really sure how stable Ubuntu is, but I like that all my hardware works in it with no fighting!) Rohit ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos