[Freeipa-users] keytab issue with service principal

sipazzo sipazzo at yahoo.com
Tue Jun 30 19:51:08 UTC 2015 

Thank you so much, that was it - just a wrong command. Appreciate the help and quick response.

      From: Simo Sorce <simo at redhat.com>
 To: sipazzo <sipazzo at yahoo.com> 
Cc: Freeipa-users <freeipa-users at redhat.com> 
 Sent: Tuesday, June 30, 2015 12:39 PM
 Subject: Re: [Freeipa-users] keytab issue with service principal
   
On Tue, 2015-06-30 at 19:34 +0000, sipazzo wrote:
> Output of klist -kt is 
> KVNO Timestamp        Principal
> ---- ----------------- --------------------------------------------------------
>    2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com at EXAMPLE.COM
>    2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com at EXAMPLE.COM
>    2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com at EXAMPLE.COM
>    2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com at EXAMPLE.COM    From: Simo Sorce <simo at redhat.com>
>  To: sipazzo <sipazzo at yahoo.com> 
> Cc: Freeipa-users <freeipa-users at redhat.com> 
>  Sent: Tuesday, June 30, 2015 11:52 AM
>  Subject: Re: [Freeipa-users] keytab issue with service principal

Then the command you want to run is:
kinit -kt /opt/oracle/admin/oracledb.keytab oracledb/oracledbsrvr.example.com

Note, no -S



Simo.

> On Tue, 2015-06-30 at 18:44 +0000, sipazzo wrote:
> 
> 
> > I am trying to troubleshoot kerberos authentication for an oracle service (oracledb) and getting the following error when testing the service keytab on the database server (oracledbsrvr):
> > oracle at oracledbsrvr ~]# kinit -kt /opt/oracle/admin/oracledb.keytab -S oracledb/oracledbsrvr.example.com
> > kinit: Keytab contains no suitable keys for host/oracledbsrvr.example.com at EXAMPLE.COM while getting initial credentials
> > 
> > 
> > When I use a client program like sqlplus on the database server connecting as a freeipa user with valid kerberos ticket it appears to work fine though. I cannot get it working from a remote client however.  Is this error a red herring or should I be concerned about this? kvno and klist show same number.
> 
> What's the output of klist -kt /opt/oracle/admin/oracledb.keytab ?
> 
> Simo.
> 


-- 
Simo Sorce * Red Hat, Inc * New York



  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150630/d44c2226/attachment.htm>

More information about the Freeipa-users mailing list