kinit: krb5_init_creds_set_keytab: Failed to find keytab (unknown enctype)


To enable access to Kerberized Hadoop from a MacBook, I tried creating SPNEGO. After copying the spnego keytab from the KDC on CentOS 7, running kinit failed with the following error:

$ kinit -kt /etc/security/keytabs/spnego.service.keytab [email protected]

kinit: krb5_init_creds_set_keytab: Failed to find [email protected] in keytab FILE:/etc/security/keytabs/smokeuser.headless.keytab (unknown enctype)

On CentOS, I checked the enctype using the following:

[root@vpimply1 ~]# klist -kte /etc/security/keytabs/smokeuser.headless.keytab
Keytab name: FILE:/etc/security/keytabs/smokeuser.headless.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 11/27/2018 21:48:00 [email protected] (des-cbc-md5)
   2 11/27/2018 21:48:00 [email protected] (aes128-cts-hmac-sha1-96)
   2 11/27/2018 21:48:00 [email protected] (arcfour-hmac)
   2 11/27/2018 21:48:00 [email protected] (des3-cbc-sha1)
   2 11/27/2018 21:48:00 [email protected] (aes256-cts-hmac-sha1-96)
[root@vpimply1 ~]#

I tried creating the keytabs with a specific enctype, but still hit the same error.

How to fix this "enctype" issue?

Venkat On BEST ANSWER

After some struggle, I set KRB5 tracing as follows on the MacBook:

KRB5_TRACE=/dev/stdout

After setting this, I could clearly see that the permissions on the keytab weren't correct.

$ kinit -t /etc/security/keytabs/smokeuser.headless.keytab [email protected]
2018-11-29T11:17:29 set-error: -1765328242: Reached end of credential caches
2018-11-29T11:17:29 set-error: -1765328243: Principal [email protected] not found in any credential cache
2018-11-29T11:17:29 set-error: 13: keytab /etc/security/keytabs/smokeuser.headless.keytab access failed: Permission denied
2018-11-29T11:17:29 set-error: 13: Failed to find [email protected] in keytab FILE:/etc/security/keytabs/smokeuser.headless.keytab (unknown enctype)
kinit: krb5_init_creds_set_keytab: Failed to find [email protected] in keytab FILE:/etc/security/keytabs/smokeuser.headless.keytab (unknown enctype)

$ ls -alrt /etc/security/keytabs
total 24
-r--r-----  1 root                wheel  338 Nov 28 13:19 smokeuser.headless.keytab
drwxr-xr-x  5 root                wheel  160 Nov 28 17:16 .

After fixing the permissions to match the currently logged-in user, the kinit worked fine! It wasn't anything to do with 'enctype'. Also, recent macOS doesn't need any packages to be installed, not even MIT Kerberos, for the client to work well.
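
A pre-flight check for the failure described in the answer above, added here as an example and not part of the original answer: it separates "keytab not readable by the current user" from "keytab readable by more than its owner" before kinit is run. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a keytab's access rights before running kinit -kt.
# Return codes (defined by this example, not by any Kerberos tool):
#   0 readable by the current user and closed to group/other
#   1 file does not exist (or its directory cannot be traversed)
#   2 current user cannot read it (the "Permission denied" case in the trace)
#   3 readable, but group/other bits are set (long-term keys exposed)

# Octal mode of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Numeric owner uid, same fallback order.
file_owner() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

check_keytab() {
    kt=$1
    if [ ! -e "$kt" ]; then
        echo "MISSING: $kt" >&2
        return 1
    fi
    mode=$(file_mode "$kt")
    owner=$(file_owner "$kt")
    if [ ! -r "$kt" ]; then
        echo "DENIED: $kt is mode $mode, owner uid $owner; you are uid $(id -u)" >&2
        echo "  kinit can report this as '(unknown enctype)'" >&2
        return 2
    fi
    # Any bit in the group/other positions means other accounts can reach the keys.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED: $kt is mode $mode; restrict it to its owner (chmod 600 or 400)" >&2
        return 3
    fi
    echo "OK: $kt is mode $mode, owner uid $owner"
    return 0
}

# Optional command-line use: sh check_keytab.sh /path/to/file.keytab
if [ $# -gt 0 ]; then
    check_keytab "$1"
fi
```

A keytab holds long-term keys, so the durable fix for result 2 is to give the account that runs kinit its own owner-only copy rather than widening the mode on a shared file.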

Facundo Diaz On

It helps to know that the default installed Kerberos on Mac won't work.

I solved it by installing it with Homebrew: brew install krb5

To avoid using the original binaries, one must also add these paths to the ~/.bashrc or ~/.zshrc file:

export PATH="/usr/local/opt/krb5/bin:$PATH"
export PATH="/usr/local/opt/krb5/sbin:$PATH"