I've set up my Active Directory server, Linux client, and /etc/krb5.conf file successfully to the point that I can run
kinit ad_user and klist shows the ticket I received. I can kdestroy / kinit ad_user repeatedly and see my ticket with the new expiration date. My problem happens during scripting. I'm setting up a remote machine over ssh with a python script, and among other things, it's executing running "kinit ad_user". I've noticed that when running it this way, I would see occasional see: - Password for ad_u...@testdomain.com or - kinit: Preauthentication failed while getting initial credentials I updated my script to retry based on seeing these messages returned. If I'm on the same subnet as my remote machine, it works within 3 retries every time so far. If I'm on a different subnet, 3 has never worked, it's more like 8-10 plus successively longer delays in between to get it to work successfully (retry * 3 seconds, a constant 5 second delay between still fails)... and once it does work successfully, my script immediately does a "kinit -l 30 ad_user", which has worked every time. I've verified that my command sequence is correct by manually ssh'ing in and running the commands in the history buffer and seeing them work as expected (local or remote subnet). Does anyone understand why automating the commands would have different results from running them by hand? Are there some conditions I need to meet before I can run kinit the way I'm trying to? Thanks for reading. Hector -- View this message in context: http://kerberos.996246.n3.nabble.com/Sporadic-kinit-failures-tp39200.html Sent from the Kerberos - General mailing list archive at Nabble.com. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos