[libvirt-users] SASL GSSAPI error "Key table entry not found"
Adam Gray
adam at meebo-inc.com
Thu Jul 1 07:01:16 UTC 2010
I'll try again from latest source tomorrow (or sometime soon). If that
doesn't change anything, I'll repost. Thanks for your help!
-adam
On Wed, Jun 30, 2010 at 16:10, Adam Gray <adam at meebo-inc.com> wrote:
> On Wed, Jun 30, 2010 at 10:13, Daniel P. Berrange <berrange at redhat.com> wrote:
>>
>> If changing the location in /etc/sasl2/libvirt.conf doesn't
>> work then you likely have a broken kerberos/sasl library.
>> This works in latest versions, but for broken systems you
>> can workaround it by setting KRB5_KTNAME=/etc/libvirt/krb5.tab
>> as an env variable when starting libvirtd.
>
> Looks like upstart doesn't work quite like I thought. Running this
> from the command line shows it changed the file path:
> KRB5_KTNAME=/etc/libvirt/krb5.keytab strace -f -ff -eopen libvirtd
> --listen 2>&1 |grep keytab
> [pid 2412] open("/etc/libvirt/krb5.keytab", O_RDONLY) = 39
>
>>
>> Do you have your server hostname configured to exactly match
>> my.fully.qualified.domain (as per hostname -f command), and
>> is that hostname present in the DNS records, both forward and
>> reverse lookups. Using /etc/hosts is not sufficient for kerberos
>> to work IIRC.
>
> Yeah, I ran into that one way too many times to forget :(
> hostname -f gives fqdn, dig on that fqdn gives the right IP, dig -x on
> that IP gives a PTR to the same fqdn.
>
>>
>> That just says the client doesn't have a ticket so not
>> really of interest since you just kdestroy'd the ticket :-)
>
More information about the libvirt-users
mailing list