blob: 197ed0ecaef909dc6f7eee640c55dd1c56c74c5f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
Troubleshooting
===============
List
----
.. error:: KDC has no support for encryption type while getting
initial credentials
.. error:: credential verification failed: KDC has no support for
encryption type
Add ``allow_weak_crypto = true`` to the [libdefaults] section of
:ref:`krb5.conf(5)`.
Version 1.7+
Seen in: clients
----
.. error:: Hostname cannot be canonicalized
The problem is that ssh is attempting to authenticate to the
canonicalization of inside-host in DNS, but since that's inside your
internal network, there is no DNS available to do the
canonicalization, so one needs to tell GSSAPI what the hostname is
separately.
| Host inside-host
| GSSAPITrustDns no
| HostName inside-host.inside.domain
| ProxyCommand ssh -t jump-box.example.com "nc -w2 %h %p"
``GSSAPITrustDns yes`` is setting the exact opposite of ``rdns =
false``. It's the equivalent of ``rdns = true``.
External links: [http://www.mail-archive.com/kerberos@mit.edu/msg17101.html]
Seen in: ssh
----
.. error:: Wrong principal in request
If referrals are being used, specifying the host to realm mapping in
the krb5 profile results in the referrals logic being disabled and may
solve the problem.
External links: [http://www.mail-archive.com/kerberos@mit.edu/msg16257.html]
Seen in: ssh
----
.. include:: ./install_kdc.rst
:start-after: _prop_failed_start:
:end-before: _prop_failed_end:
----
.. error:: Unable to find requested database type - while initializing
database for realm X.Y
Set **db_module_dir** in :ref:`dbmodules` to the absolute path to the
location of the database plugin
----
Feedback
--------
Please, provide your feedback on this document at
krb5-bugs@mit.edu?subject=Documentation___errors
|
