As a rookie, I hadn't considered...this is an absolutely excellent suggestion. See below, it didn't change anything. I was running as root... Do I need to create a principal for the id 'root', or can I use the base id [in this case jctobin] as a ticket for root?
tob kerberos1:/etc/init.d # kadmin.local Authenticating as principal root/ad...@dark1.net with password. kadmin.local: listprincs K/m...@dark1.net host/holynight.dark1....@dark1.net host/kerberos1.dark1....@dark1.net jcto...@dark1.net kadmin/ad...@dark1.net kadmin/chang...@dark1.net kadmin/localh...@dark1.net krbtgt/dark1....@dark1.net ldap/kerberos1.dark1....@dark1.net nibot/ad...@dark1.net ni...@dark1.net kadmin.local: exit kerberos1:/etc/init.d # man kinit kerberos1:/etc/init.d # kinit jcto...@dark1.net Password for jcto...@dark1.net: kerberos1:/etc/init.d # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: jcto...@dark1.net Valid starting Expires Service principal 01/07/13 09:37:21 01/07/13 19:37:21 krbtgt/dark1....@dark1.net renew until 01/07/13 09:37:21 kerberos1:/etc/init.d # ldapsearch -h kerberos1.dark1.net -b 'dc=dark1,dc=net' '(uid=jtobin)' SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Clock skew too great) kerberos1:/etc/init.d # On 1/5/13 1:55 AM, "Greg Hudson" <ghud...@mit.edu> wrote: > On 01/04/2013 04:31 PM, John Tobin wrote: >> kerberos1:~ # ldapsearch -h kerberos1.dark1.net -b 'dc=dark1,dc=net' >> '(uid=jtobin)' >> SASL/GSSAPI authentication started >> ldap_sasl_interactive_bind_s: Local error (-2) >> additional info: SASL(-1): generic failure: GSSAPI Error: >> Unspecified GSS failure. Minor code may provide more information >> (Credentials cache file '/tmp/krb5cc_0' not found) > > I feel like I might be missing something, but it looks like you don't > have Kerberos credentials to authenticate with, in which case you need > to kinit first. > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos