Hi All,

I am trying to get HTCondor with Kerberos authentication 
(https://htcondor.readthedocs.io/en/stable/admin-manual/security.html?highlight=Kerberos#kerberos-authentication)
 to work on some Linux machines I have which I joined to Windows Active 
Directory with realmd. HTCondor tries to authenticate with the machine 
principal, but I am having a hard time figuring out what that is. When I run 
'klist -k' I see a bunch of entries from /etc/krb5.keytab along the lines of 
host/fqdn@REALM. However, when I run 'kinit -k' I get "kinit: Client 
$(hostname) not found in Kerberos database".

I then interrogated the realm with adcli, using 'adcli testjoin --verbose' and 
it outputs the computer account name as HOST/HOSTNAME@REALM. When I run 'kinit 
-k HOST/HOSTNAME@REALM' I get back the error "kinit: Keytab contains no 
suitable keys for HOST/HOSTNAME@REALM".

I am confused because when I run 'adcli update --verbose' it says it updated 
the keytab at /etc/krb5.keytab and outputs the same account name (which I am 
assuming is the principal for the computer) as adcli testjoin. I am really 
scratching my head about this. What am I doing wrong here?

Thanks,
Wes



________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
