Heimdal Key Table Entry Not Found
Tillman Hodgson
tillman at seekingfire.com
Sun Feb 26 12:26:55 PST 2006
On Sun, Feb 26, 2006 at 10:08:53AM -0800, Jason C. Wells wrote:
> I am not able to use heimdal kerberos telnetd on FreeBSD-6 to provide
> remote access to a host. I get this error from my Kermit client:
>
> Kerberos authentication failed!
> Kerberos V5 refuses authentication because
> Read req failed: Key table entry not found
>
> The keytab has been extracted to the service host. (see below)
>
> I am thinking that there might be some sort of hard to find
> incompatibility or encryption type issue with Heimdal and MIT. That or
> there is some stupid detail that I have missed. I would have expected
> Heimdal to be a "drop in" replacement for MIT kerberos. A full
> transcript is provided below if the problem is not obvious.
>
> I am successfully running MIT KDCs and have been for years. All my
> other MIT kerberized hosts function correctly.
>
> Any idea what I might be missing?

http://www.seekingfire.com/projects/kerberos/tips.html

It's very likely a name resolution problem:

"All hosts in your realm must be resolvable (both forwards and reverse)
in DNS (or /etc/hosts as a minimum). CNAMEs will work, but the A and PTR
records must be correct and in place. The error message isn't very
intuitive: "Kerberos V5 refuses authentication because Read req failed:
Key table entry not found". This same error message can also result if
you use the [domain_realms] stanza in your krb5.conf and the host isn't in
the right domain. For example, if you have a host server.example.org and
your domain_realms section says that example.org = EXAMPLE.ORG but the
host server is actually in realm OTHER.REALM, you'll get this error. You
can override the realm for a specific host in the domain_realms section
like so: server.example.org = OTHER.REALM."
-T
--
"Belief gets in the way of learning."
-- Robert Heinlein
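
The two causes named in the reply above (forward/reverse DNS and the realm mapping in krb5.conf) can be checked together with the sketch below. It is an added example, not part of the original message or of Heimdal/MIT code. It is a simplified model: it assumes the section header as krb5.conf spells it (`[domain_realm]`), domain-wide entries written with a leading dot, and a `host/` service principal. The function names, sample config, keytab contents and addresses are constructed.

```python
import socket

def parse_domain_realm(text):
    """Return {name: REALM} from the [domain_realm] section of krb5.conf text."""
    mapping, in_section = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            in_section = (line == "[domain_realm]")
        elif in_section and "=" in line:
            name, realm = (p.strip() for p in line.split("=", 1))
            mapping[name.lower()] = realm
    return mapping

def realm_for_host(fqdn, mapping):
    """Exact host entry wins; otherwise try each parent domain (".example.org")."""
    fqdn = fqdn.lower().rstrip(".")
    if fqdn in mapping:
        return mapping[fqdn]
    labels = fqdn.split(".")
    for i in range(1, len(labels)):
        parent = "." + ".".join(labels[i:])
        if parent in mapping:
            return mapping[parent]
    return None  # simplified: no fallback realm is modelled here

def canonical_name(host, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Forward-resolve, then reverse-resolve; raises if either record is missing."""
    return reverse(forward(host))[0].lower().rstrip(".")

def diagnose(host, krb5_conf, keytab_principals, **resolvers):
    """Return (principal that DNS + realm mapping lead to, whether the keytab has it)."""
    fqdn = canonical_name(host, **resolvers)
    realm = realm_for_host(fqdn, parse_domain_realm(krb5_conf))
    wanted = f"host/{fqdn}@{realm}"
    return wanted, wanted in keytab_principals

# Constructed sample data (not from the original thread).
SAMPLE_CONF = """
[domain_realm]
    .example.org = EXAMPLE.ORG
    server.example.org = OTHER.REALM
"""
SAMPLE_KEYTAB = {"host/server.example.org@OTHER.REALM"}
```

Called without the `forward`/`reverse` arguments, `diagnose` uses the system resolver; a `False` result means the keytab holds no entry for the principal that the current DNS records and realm mapping produce.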