I have been trying to do kinit from a client machine to the KDC server to authenticate the client:

kinit -kt host.keytab -p host/mydomain.com@REALM.COM

but I am getting the error below:

kinit: Failed to store credentials: Bad format in credentials cache (filename: /tmp/krb5cc_651) while getting initial credentials

I have checked the permissions on the /tmp dir. I do have write permission. The same kinit command works on the machine where the KDC is installed. Both machines are in the public domain.

krb5.conf

   dns_lookup_realm = false
   default_realm = REALM.COM
#   default_ccache_name = KEYRING:persistent:%{uid}
   rdns = false
   kdc_timesync = 1
   ccache_type = 4
   forwardable = true
   proxiable = true
   preauth = false
   udp_preference_limit = 1

Please help me. What is going wrong? (I have changed the realm name and domain name here.)

JDP
  • I would like to add a point here: I do have a VPN on the client side. I mean the KDC server can't contact the client side back. Yes, the client can definitely contact the KDC. Does it create any problem? – JDP Feb 12 '19 at 14:55
  • Hi, what happens if you try to relocate the cache elsewhere using the -c option (e.g. -c /var/tmp/mycache)? Do you have the same error? Also, try to remove the -p. Last thing: is this the complete krb5.conf file? (If so, the file has a bad format and that might be your issue.) – olivierg Feb 22 '19 at 19:30
  • @olivierg Thanks! I found the problem. It was OS-specific: the OS returns end of file when trying to read the cache file the very first time. Actually, the cache file would not have anything in it the very first time. So I have to take care of that in the Kerberos source code. – JDP Mar 01 '19 at 12:30

1 Answer

It was OS-specific (an OpenVOS Stratus machine): the OS returns end of file when trying to read the cache file the very first time. Actually, the cache file would not have anything in it the very first time. So I have to take care of that in the Kerberos source code.

JDP
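When triaging a "Bad format in credentials cache" error like the one above, it helps to tell a zero-length cache file (the condition the answer describes) apart from one with a damaged header. The following is an added example, not code from the post or from the Kerberos source; it assumes the MIT krb5 FILE ccache header layout, and `classify_ccache` and `demo` are hypothetical names.

```python
import os
import tempfile

# Assumed layout (MIT krb5 FILE ccache): bytes 0-1 are the version, 0x05 then
# 0x01..0x04; version 4, the value of ccache_type on this page, is followed by
# a 2-byte big-endian header length and that many bytes of tagged fields.
def classify_ccache(path):
    """Return a short diagnosis of the header of a FILE: ccache at `path`."""
    try:
        with open(path, "rb") as f:
            head = f.read(4)
    except FileNotFoundError:
        return "missing"
    if not head:
        return "empty"  # zero-length file: the first read hits EOF at once
    if len(head) < 2:
        return "truncated"
    if head[0] != 5 or not 1 <= head[1] <= 4:
        return "bad-version"
    if head[1] == 4:
        if len(head) < 4:
            return "truncated"
        hdr_len = int.from_bytes(head[2:4], "big")
        if os.path.getsize(path) < 4 + hdr_len:
            return "truncated"
    return f"header-ok-v{head[1]}"


def demo():
    """Classify constructed sample files; returns {sample name: diagnosis}."""
    samples = {  # constructed byte strings, not captured from a real cache
        "empty": b"",
        "v4_no_header_fields": b"\x05\x04\x00\x00",
        "v4_short_header": b"\x05\x04\x00\x0c\x00\x01",
        "not_a_ccache": b"KRB5",
        "v3": b"\x05\x03",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = classify_ccache(path)
        results["missing"] = classify_ccache(os.path.join(d, "absent"))
    return results


if __name__ == "__main__":
    print(demo())
```

A `header-ok` result only means the version and header length are plausible; the principal and credential records that follow are not parsed.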