Re: Heimdal Key Table Entry Not Found

2006-02-27 Thread Jason C. Wells

Tillman Hodgson wrote:


> It's very likely a name resolution problem:


It was in fact.  I caught myself out with a very obscure DNS 
misconfiguration.  One host had a different resolv.conf where primary 
and secondary DNS were reversed.  Then I also had an errant zone file 
that was preventing zone transfers.  I was reverse resolving the new g3 
host as the old g2 host as a result.  It was the situation you cited.


I checked and double checked DNS resolution forward and backward and 
everything was perfect...  on that one host.  Grrr!


Thanks,
Jason C. Wells


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Heimdal Key Table Entry Not Found

2006-02-26 Thread Tillman Hodgson
On Sun, Feb 26, 2006 at 10:08:53AM -0800, Jason C. Wells wrote:
> I am not able to use heimdal kerberos telnetd on FreeBSD-6 to provide
> remote access to a host.  I get this error from my Kermit client:
>
>   Kerberos authentication failed!
>   Kerberos V5 refuses authentication because
>   Read req failed: Key table entry not found
>
> The keytab has been extracted to the service host. (see below)
>
> I am thinking that there might be some sort of hard to find
> incompatibility or encryption type issue with Heimdal and MIT.  That or
> there is some stupid detail that I have missed.  I would have expected
> Heimdal to be a drop in replacement for MIT kerberos.  A full
> transcript is provided below if the problem is not obvious.
>
> I am successfully running MIT KDCs and have been for years.  All my
> other MIT kerberized hosts function correctly.
>
> Any idea what I might be missing?

http://www.seekingfire.com/projects/kerberos/tips.html

It's very likely a name resolution problem:

All hosts in your realm must be resolvable (both forwards and reverse)
in DNS (or /etc/hosts as a minimum). CNAMEs will work, but the A and PTR
records must be correct and in place. The error message isn't very
intuitive: Kerberos V5 refuses authentication because Read req failed:
Key table entry not found. This same error message can also result if
you use the [domain_realms] stanza in your krb5.conf and the host isn't in
the right domain. For example, if you have a host server.example.org and
your domain_realms section says that example.org = EXAMPLE.ORG but the
host server is actually in realm OTHER.REALM, you'll get this error. You
can override the realm for a specific host in the domain_realms section
like so: server.example.org = OTHER.REALM.

-T


-- 
Belief gets in the way of learning.
-- Robert Heinlein
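The two causes discussed in this thread (a stale PTR record and a wrong realm mapping) can be checked together. The following is an added example, not part of either message: the host names, addresses, keytab contents and the `check_host`/`realm_for` helpers are constructed for illustration, and it assumes the client derives the `host/` principal from the reverse-resolved name and that realm lookup tries the host name first, then each parent domain.

```python
import socket

def realm_for(host, domain_realm):
    """Most specific mapping wins: the host itself, then each parent domain."""
    labels = host.lower().split(".")
    candidates = [host.lower()]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        candidates += ["." + parent, parent]
    for key in candidates:
        if key in domain_realm:
            return domain_realm[key]
    return None

def check_host(name, domain_realm, keytab,
               forward=socket.gethostbyname,
               reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Return (principal a client would request, list of problems found)."""
    problems = []
    ip = forward(name)
    canonical = reverse(ip).lower().rstrip(".")
    if canonical != name.lower():
        problems.append(f"PTR for {ip} is {canonical}, not {name}")
    realm = realm_for(canonical, domain_realm)
    if realm is None:
        problems.append(f"no realm mapping for {canonical}")
    principal = f"host/{canonical}@{realm}"
    if principal not in keytab:
        problems.append(f"{principal} not in keytab (Key table entry not found)")
    return principal, problems

# Constructed sample data: A records, a stale and a corrected PTR table,
# a realm mapping with a per-host override, and the principals in the keytabs.
A = {"g3.example.org": "192.0.2.30", "server.example.org": "192.0.2.40"}
STALE_PTR = {"192.0.2.30": "g2.example.org", "192.0.2.40": "server.example.org"}
GOOD_PTR = {"192.0.2.30": "g3.example.org", "192.0.2.40": "server.example.org"}
DOMAIN_REALM = {"example.org": "EXAMPLE.ORG", "server.example.org": "OTHER.REALM"}
KEYTAB = {"host/g3.example.org@EXAMPLE.ORG", "host/server.example.org@OTHER.REALM"}

if __name__ == "__main__":
    for ptr in (STALE_PTR, GOOD_PTR):
        for host in A:
            principal, problems = check_host(host, DOMAIN_REALM, KEYTAB,
                                             A.__getitem__, ptr.__getitem__)
            print(host, "->", principal, problems or "OK")
```

Called without the `forward` and `reverse` arguments, `check_host` uses the system resolver, so running it on each host in the realm exposes the case where only one machine sees correct DNS.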