<html><body><div style="color:#000; background-color:#fff; font-family:bookman old style, new york, times, serif;font-size:13px"><div id="yui_3_16_0_1_1435691009101_3079"><span></span></div><div id="yui_3_16_0_1_1435691009101_5973">Output of klist -kt is </div><div id="yui_3_16_0_1_1435691009101_5980"><br></div><div id="yui_3_16_0_1_1435691009101_5981" dir="ltr">KVNO Timestamp         Principal<br class="">---- ----------------- --------------------------------------------------------<br class="">   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com@EXAMPLE.COM<br class="">   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com@EXAMPLE.COM<br class="">   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com@EXAMPLE.COM<br class="">   2 06/30/15 17:12:13 oracledb/oracledbsrvr.example.com@EXAMPLE.COM</div><div id="yui_3_16_0_1_1435691009101_3082" style="font-family: bookman old style, new york, times, serif; font-size: 13px;"> <div id="yui_3_16_0_1_1435691009101_3081" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1435691009101_3080" dir="ltr"> <hr id="yui_3_16_0_1_1435691009101_5940" size="1">  <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Simo Sorce <simo@redhat.com><br> <b><span style="font-weight: bold;">To:</span></b> sipazzo <sipazzo@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b> Freeipa-users <freeipa-users@redhat.com> <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, June 30, 2015 11:52 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] keytab issue with service principal<br> </font> </div> <div id="yui_3_16_0_1_1435691009101_3086" class="y_msg_container"><br>On Tue, 2015-06-30 at 18:44 +0000, sipazzo wrote:<div class="qtdSeparateBR"><br><br></div><div class="yqt7584935875" id="yqtfd13671"><br clear="none">> I am trying to troubleshoot kerberos authentication for an oracle service (oracledb) and getting the following error when testing the service keytab on the database server (oracledbsrvr):<br clear="none">> <a id="yui_3_16_0_1_1435691009101_5950" shape="rect" ymailto="mailto:oracle@oracledbsrvr" href="mailto:oracle@oracledbsrvr">oracle@oracledbsrvr</a> ~]# kinit -kt /opt/oracle/admin/oracledb.keytab -S oracledb/oracledbsrvr.example.com<br clear="none">> kinit: Keytab contains no suitable keys for host/<a id="yui_3_16_0_1_1435691009101_3087" shape="rect" ymailto="mailto:oracledbsrvr.example.com@EXAMPLE.COM" href="mailto:oracledbsrvr.example.com@EXAMPLE.COM">oracledbsrvr.example.com@EXAMPLE.COM</a> while getting initial credentials<br clear="none">> <br clear="none">> <br clear="none">> When I use a client program like sqlplus on the database server connecting as a freeipa user with valid kerberos ticket it appears to work fine though. I cannot get it working from a remote client however.  Is this error a red herring or should I be concerned about this? kvno and klist show same number.</div><br clear="none"><br clear="none">What's the output of klist -kt /opt/oracle/admin/oracledb.keytab ?<br clear="none"><br clear="none">Simo.<br clear="none"><br clear="none">-- <br clear="none">Simo Sorce * Red Hat, Inc * New York<div class="yqt7584935875" id="yqtfd37924"><br clear="none"><br clear="none"></div><br><br></div> </div> </div>  </div></body></html>