Can't make the keytab work

Stian Selnes

I'm trying to log on using Kerberos and telnet between two Linux
machines. The host has address asterisk.tsip.lab. I'm using Microsoft
Live Communication Server 2005 as KDC. The problem is this (I followed
the steps at this site: ):

I let ktpass.exe generate a keytab for me:
ktpass -princ host/[hidden email] -mapuser -pass zzz -out temp.keytab

I transferred this keytab over to the host and used ktutil to add the
keytab to the file /etc/krb5.keytab. It seems to me like this process
has worked because when I now use ktutil I get:

# ktutil:  rkt /etc/krb5.keytab
# ktutil:  l -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3          host/[hidden email] (DES cbc mode with RSA-MD5)

And here comes the problem. When I type:

# kinit -5 -k -t /etc/krb5.keytab

to verify that I can get credentials using the keytab, nothing
happens. Well, actually, I can see from Ethereal that I'm sending an
return. And then nothing happens. Not even any error messages.

If I try to get a credential not using the keytab:

# kinit
Password for [hidden email]:

everything works fine, and I can use Kerberos and telnet from the
second computer to log on to Therefore, it must be
something wrong with the keytab or the way I'm trying to verify it?
Anybody got some tips, please?

Here's my krb5.conf file:

[libdefaults]
 default_realm = YYY.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 default_tkt_enctypes = des-cbc-md5
 default_tgs_enctypes = des-cbc-md5

[realms]
 YYY.COM = {
  kdc =
  kpasswd_server =
 }

[domain_realm] = YYY.COM = YYY.COM

Kerberos mailing list           [hidden email]