[Probably solved!]
On Wed, Apr 26, 2023 at 10:12 AM Matt Zagrabelny <mzagr...@d.umn.edu> wrote:
>
> Whoops. Looks like I need:
>
> sudo apt install krb5-pkinit
Fool me once shame on me, fool me twice shame on me!
I also neglected to add the krb5-otp package to the KDC server.
Now I get:
$ kdestroy
$ kinit -n -c /tmp/somecache
$ kinit -T /tmp/somecache
Enter OTP Token Value:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: b...@mydomain.com
Valid starting Expires Service principal
04/26/2023 10:26:41 04/26/2023 20:26:41 krbtgt/mydomain....@mydomain.com
renew until 04/27/2023 10:26:29
This is all on my test system. Still need to try in production, but it
looks, and feels!, pretty good.
Thanks for all the help!
-m
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
