netbsd-help: Re: Kereberos 5 installation help?

Subject: Re: Kereberos 5 installation help?
To: Jason DiCioccio <jd@ruby-lang.org>
From: Johan A. van Zanten <johan@brahma.giantfoo.org>
List: netbsd-help
Date: 11/07/2002 13:30:38

---In message <2147483647.1036672239@[10.0.0.2]>
>This is my second shot at installing Kerberos on my network..
>
>Anyway.. I seem to have gotten a bit farther this time.. However, the 
>problem that I'm having now is that when I telnet to the KDC from the KDC 
>after doing a kinit, I get the following error:
>
> Trying KERBEROS5 ... ]
>[ Kerberos V5 refuses authentication because Read req failed: Key table 
>entry not found ]
>[ Trying KERBEROS5 ... ]
>[ Kerberos V5 refuses authentication because Read req failed: Key table 
>entry not found ]
>
>I setup the realm *exactly* as stated at 
>http://www.netbsd.org/Documentation/network/#kerberos
>
>Has anyone else run into this problem?  Is there something I'm missing? 
>Does each host have to have appropriate reverse DNS entries or something?

Yes, it does. You will need correct foward and reverse DNS.  CNAMEs will
work, but the A and PTR records must be correct and in place.  You might
be able to work around it with entries in /etc/hosts.

You may want to double-check this step, too:

         Now that the principal has been created, you should extract its
         key into the KDC system's keytab.

              kadmin> ext -k /etc/krb5.keytab host/mach1.foo.com
              kadmin>



 --johan