On Thu, 28 Jan 2010 12:35:03 +0100 Holger Rauch <holger.ra...@empic.de> wrote:
> Hi Thomas, > > On Wed, 27 Jan 2010, Thomas Kula wrote: > > > [...] > > It very well could be. If the kvno (which is listed in the klist > > output) doesn't match kvno in the database (what is displayed with > > getprinc in kadmin) then you won't be able to authenticate with > > that keytab. > > I just did a "getprinc <princ_name>" and it told me that the user > actually had *two* different (meaning different encryption types) > keys. Does that imply I would also have to add *both* keys from within > ktutil for the newly generated keytab file? You should only need to match one of them, I think. Preferably the strongest enc type the client supports. > I created two different keytab files each having one of those keys. > Nevertheless, I still got the same error: > > kinit(v5): Key table entry not found while getting initial credentials > > I should perhaps also point out that I have no default_tgs_enctypes > and no default_tkt_enctypes options in my [libdefaults] section in my > /etc/krb5.conf (on a Debian Lenny system with MIT Kerberos from Debian > packages). The example I gave was also on a lenny system, and it doesn't have either of those options specified. Double-check "l -e" in ktutil and see if it matches kadmin getprinc, and klist? -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
