Header Shadow Image

«
»

Cannot find key for kvno in keytab

If you are getting this:

krb5_child.log:(Tue Mar  6 23:18:46 2018) [[sssd[krb5_child[3193]]]] [map_krb5_error] (0x0020): 1655: [-1765328340][Cannot find key for nfs/nfs01.nix.my.dom@NIX.my.dom kvno 6 in keytab]

Then you can resolve it by copying the old keytab file back (or removing the incorrect entries using ktutil).  In our case we had made a saved copy and readded the NFS principals to the keytab file.  You can list out the current principals in the keytab file using:

klist -kte /etc/krb5.keytab

This was followed up by readding missing keytab keys from the IPA server:

ipa-getkeytab -s idmipa01.nix.my.dom -p nfs/nfs-c01.nix.my.dom -k /etc/krb5.keytab
ipa-getkeytab -s idmipa01.nix.my.dom -p nfs/nfs01.nix.my.dom -k /etc/krb5.keytab

Alternately, create the keytab entries manually using ktutil above.

Cheers,
Tom

 

This entry was posted on Wednesday, March 7th, 2018 at 1:08 am and is filed under NIX Posts. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
     
  Copyright © 2003 - 2025 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License

  

0
Would love your thoughts, please comment.x
()
x
The IT Development and Technology Mini Vault | MicroDevSys.com
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.