error from KDC: 123456/Client not found in Kerberos database

Solution Unverified - Updated -

Environment

  • Red Hat Single Sign-On (RHSSO)
    • 7.x

Issue

  • error from KDC: -123456/Client not found in Kerberos database
KRB5_TRACE=/dev/stdout kinit -V -k -t /path/to/keycloak.keytab HTTP/jboss.local.network@LOCAL.NETWORK
Mon Jul 24 08:00:06 CEST 2024
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/jboss.local.network@LOCAL.NETWORK
Using keytab: /path/to/keycloak.keytab
[3058353] 1721628006.227539: Getting initial credentials for HTTP/jboss.local.network@LOCAL.NETWORK
[3058353] 1721728006.227540: Looked up etypes in keytab: rc4-hmac, aes256-cts, aes128-cts
[3058353] 1721458006.227542: Sending unauthenticated request
[3058353] 1561628006.227543: Sending request (212 bytes) to LOCAL.NETWORK
[3058353] 1721628006.227544: Sending initial UDP request to dgram 0.0.0.0:80
[3058353] 1721628006.227545: Received answer (100 bytes) from dgram 0.0.0.0:80
[3058353] 1721628006.227546: Response was from master KDC
[3058353] 1721628006.227547: Received error from KDC: -123456/Client not found in Kerberos database
kinit: Client 'HTTP/jboss.local.network@LOCAL.NETWORK' not found in Kerberos database while getting initial credentials

Resolution

  • The error in the kinit output most likely means that the KDC does not know the principal 'HTTP/jboss.local.network@LOCAL.NETWORK'.
    Verify with the administrator of the KDC (AD) whether 'HTTP/jboss.local.network@LOCAL.NETWORK' is registered in the KDC.
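
As an added example (not part of the original solution and not Red Hat code), the shell functions below read a KRB5_TRACE log like the one in the Issue section and report whether the failure is the KDC rejecting the requested principal, which is the case to raise with the KDC administrator. The function names and the embedded sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Constructed sample, modelled on the trace shown in this article.
sample_trace() {
cat <<'EOF'
Using principal: HTTP/jboss.local.network@LOCAL.NETWORK
Using keytab: /path/to/keycloak.keytab
[3058353] 1721628006.227539: Getting initial credentials for HTTP/jboss.local.network@LOCAL.NETWORK
[3058353] 1721628006.227540: Looked up etypes in keytab: rc4-hmac, aes256-cts, aes128-cts
[3058353] 1721628006.227546: Response was from master KDC
[3058353] 1721628006.227547: Received error from KDC: -123456/Client not found in Kerberos database
EOF
}

# Principal that kinit requested initial credentials for.
trace_principal() {
    sed -n 's|^.*Getting initial credentials for ||p' | head -n 1
}

# Text of the last error returned by the KDC, numeric code stripped.
trace_kdc_error() {
    sed -n 's|^.*Received error from KDC: [^/]*/||p' | tail -n 1
}

# Read a trace on stdin and print one classification line.
triage() {
    trace=$(cat)
    princ=$(printf '%s\n' "$trace" | trace_principal)
    err=$(printf '%s\n' "$trace" | trace_kdc_error)
    case "$err" in
        "Client not found in Kerberos database")
            # A KDC answered and rejected the client name itself, so the
            # principal must be checked on the KDC side.
            echo "KDC_UNKNOWN_PRINCIPAL $princ" ;;
        "")
            echo "NO_KDC_ERROR $princ" ;;
        *)
            echo "OTHER_KDC_ERROR $princ: $err" ;;
    esac
}

sample_trace | triage
```

To triage a real run, redirect the trace to a file with KRB5_TRACE=/path/to/file and pipe that file into triage.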

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
