On Tue, 2015-06-30 at 19:34 +0000, sipazzo wrote: > Output of klist -kt is > KVNO Timestamp Principal > ---- ----------------- > -------------------------------------------------------- > 2 06/30/15 17:12:13 oracledb/[email protected] > 2 06/30/15 17:12:13 oracledb/[email protected] > 2 06/30/15 17:12:13 oracledb/[email protected] > 2 06/30/15 17:12:13 oracledb/[email protected] > From: Simo Sorce <[email protected]> > To: sipazzo <[email protected]> > Cc: Freeipa-users <[email protected]> > Sent: Tuesday, June 30, 2015 11:52 AM > Subject: Re: [Freeipa-users] keytab issue with service principal
Then the command you want to run is: kinit -kt /opt/oracle/admin/oracledb.keytab oracledb/oracledbsrvr.example.com Note, no -S Simo. > On Tue, 2015-06-30 at 18:44 +0000, sipazzo wrote: > > > > I am trying to troubleshoot kerberos authentication for an oracle service > > (oracledb) and getting the following error when testing the service keytab > > on the database server (oracledbsrvr): > > oracle@oracledbsrvr ~]# kinit -kt /opt/oracle/admin/oracledb.keytab -S > > oracledb/oracledbsrvr.example.com > > kinit: Keytab contains no suitable keys for > > host/[email protected] while getting initial credentials > > > > > > When I use a client program like sqlplus on the database server connecting > > as a freeipa user with valid kerberos ticket it appears to work fine > > though. I cannot get it working from a remote client however. Is this > > error a red herring or should I be concerned about this? kvno and klist > > show same number. > > What's the output of klist -kt /opt/oracle/admin/oracledb.keytab ? > > Simo. > -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
