Cannot find key for kvno in keytab

Header Shadow Image

If you are getting this:

krb5_child.log:(Tue Mar 6 23:18:46 2018) [[sssd[krb5_child[3193]]]] [map_krb5_error] (0x0020): 1655: [-1765328340][Cannot find key for nfs/nfs01.nix.my.dom@NIX.my.dom kvno 6 in keytab]

Then you can resolve it by copying the old keytab file back (or removing the incorrect entries using ktutil). In our case we had made a saved copy and readded the NFS principals to the keytab file. You can list out the current principals in the keytab file using:

klist -kte /etc/krb5.keytab

This was followed up by readding missing keytab keys from the IPA server:

ipa-getkeytab -s idmipa01.nix.my.dom -p nfs/nfs-c01.nix.my.dom -k /etc/krb5.keytab
ipa-getkeytab -s idmipa01.nix.my.dom -p nfs/nfs01.nix.my.dom -k /etc/krb5.keytab

Alternately, create the keytab entries manually using ktutil above.

Cheers,
Tom

This entry was posted on Wednesday, March 7th, 2018 at 1:08 am and is filed under NIX Posts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

You must be logged in to post a comment.

April 2024

M T W T F S S

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30

« Mar
Categories
- Assorted Nuts (8)
- Cloud (1)
- Hardware (3)
- JADDB (1)
- Network (8)
- NIX Posts (420)
- Perl (5)
- Web (9)
- Windows (12)
Blogroll
- Micro Dev Sys (Facebook)
Databases
Java
- Java Gaming Forums
- java.sun.com
Languages
Linux
Miscellaneous
- Quotations
Perl
- PERL Knowledge Base
- Perl Monks Forum
Scripting
- AWK Cheat Sheet
- Effective AWK Programming
Web
- Web Hosting Chat
- Web Hosting Directory

April 2024
M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30


	Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved. This work is licensed under a Creative Commons Attribution 3.0 Unported License Privacy / Use / Terms / Disclaimer Policy.

Thoughts and Scribbles | MicroDevSys.com