Re: Migrating a Kerberos Realm

[Edward Murrell]

Ken Hornstein wrote:
>> Now I get a string of errors like this;
>> Nov 22 14:57:55 becks krb5kdc[5216](info): TGS_REQ (7 etypes {18 17 16
>> 23 1 3 2}) 10.37.80.11: PROCESS_TGS: authtime 0,  <unknown client> for
>> host/[EMAIL PROTECTED], Key table entry not found
>>     
>
> So, here's what would be illuminating:
>
> - Output of "klist" after you run "kinit", but before you try to connect
>   to atlas
> - Output of "klist" after you try to connect to atlas.
> - Output of "getprinc" on krbtgt/[EMAIL PROTECTED] from BOTH kdc's.
>
>   
As requested;

[EMAIL PROTECTED] ~ $ kdestroy
[EMAIL PROTECTED] ~ $ kinit -f -a [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_1000_jJozf1
Default principal: [EMAIL PROTECTED]

Valid starting Expires Service principal
11/23/06 08:41:23 11/23/06 18:41:23 krbtgt/[EMAIL PROTECTED]
renew until 11/24/06 08:41:21


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
[EMAIL PROTECTED] ~ $ ssh atlas
Password:

[EMAIL PROTECTED] ~ $ klist
Ticket cache: FILE:/tmp/krb5cc_1000_jJozf1
Default principal: [EMAIL PROTECTED]

Valid starting Expires Service principal
11/23/06 08:41:23 11/23/06 18:41:23 krbtgt/[EMAIL PROTECTED]
renew until 11/24/06 08:41:21
11/23/06 08:41:32 11/23/06 18:41:23 krbtgt/[EMAIL PROTECTED]
renew until 11/24/06 08:41:21


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
[EMAIL PROTECTED] ~ $

==============
>From the DLCONSULTING.COM kdc;

kadmin.local: getprinc krbtgt/[EMAIL PROTECTED]
Principal: krbtgt/[EMAIL PROTECTED]
Expiration date: [never]
Last password change: Wed Nov 22 14:44:30 NZDT 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Nov 22 14:44:30 NZDT 2006 (root/[EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]


==============
>From the OFFICE kdc;
kadmin: getprinc krbtgt/[EMAIL PROTECTED]
Principal: krbtgt/[EMAIL PROTECTED]
Expiration date: [never]
Last password change: Wed Nov 22 14:44:53 NZDT 2006
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Nov 22 14:44:53 NZDT 2006 (edward/[EMAIL PROTECTED])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes: REQUIRES_PRE_AUTH
Policy: [none]



________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos