Kerberos kinit: Resource temporarily unavailable while getting initial credentials
Okay, so it does work now. Things I did to fix it:
/etc/resolv.conf
mycompany.com 127.0.0.1
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.96.140 sandbox.hortonworks.com sandbox ambari.hortonworks.com
127.0.0.1 mycompany.com kerberos.mycompany.com
And, most embarrassing: I used kinit mycompany/admin for the principal user/[email protected], which is of course wrong.
The right call is of course kinit user/admin
Lincoln
Updated on June 27, 2022
Comments
-
Lincoln almost 2 years
I am in the process of setting up Kerberos on a CentOS7 (more specifically: the Hortonworks HDP 2.3 sandbox) running in a VirtualBox VM. My problem is that kinit seems to be unable to reach my KDC. The answer is "Resource temporarily unavailable while getting initial credentials" if I add an address in my /etc/hosts file, and if I leave that file as is I get the message "could not contact any host for realm mycompany while getting initial credentials".
The KDC is running (I can find it with ps, plus the service starts with an "okay" message), same for kadmin.
As a guide for setting up Kerberos I followed these two guides:
CentOS guide
Guide 2
My config files:
krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmin.log
[libdefaults]
 default_realm = MYCOMPANY.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
[realms]
 MYCOMPANY.COM = {
  kdc = kerberos.mycompany.com
  admin_server = kerberos.mycompany.com
 }
[domain_realm]
 .mycompany.com = MYCOMPANY.COM
 mycompany.com = MYCOMPANY.COM
kdc.conf
[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88,750
[realms]
 MYCOMPANY.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
 }
kadm5.acl
*/[email protected] *
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.96.140 sandbox.hortonworks.com sandbox ambari.hortonworks.com
192.168.1.3 mycompany.com kerberos.mycompany.com
I get the "Resource..." error if I have any address in the third line of the hosts file; if that line is missing I get the "could not contact..." error.
I could trace the kinit command with something along the lines of krb5_trace or something (unfortunately I can't find the link I got it from any more, nor remember the exact command) to the address specified in the hosts file, so kinit seems to contact the fitting address; it's just that the KDC does not listen there.
Netstat shows that the KDC is listening on the ports specified in the kdc.conf.
Any help would be appreciated.
-
Arjen P. De Vries over 6 years
I think you should have used
kinit user/[email protected]
i.e., the realm is case sensitive.
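Added example, not part of the original posts: a small offline pre-flight check that shows which realm a principal resolves to (exact, case-sensitive match against [realms]) and which address /etc/hosts gives for each KDC of that realm, the two things that went wrong in this thread. The function names are hypothetical and the sample inputs are constructed from the files quoted above. It assumes static kdc entries only and does not model the DNS SRV lookups that dns_lookup_kdc = true enables.

```python
import re

# Constructed sample inputs, modelled on the files quoted on this page.
KRB5_CONF = """\
[libdefaults]
 default_realm = MYCOMPANY.COM
[realms]
 MYCOMPANY.COM = {
  kdc = kerberos.mycompany.com
 }
"""
HOSTS = """\
127.0.0.1 mycompany.com kerberos.mycompany.com
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}) from krb5.conf text."""
    default, realms, section, current = None, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section = m.group(1)
        elif m := re.fullmatch(r"([\w.-]+)\s*=\s*(.+)", line):  # skips # and ; comments
            key, value = m.groups()
            if section == "libdefaults" and key == "default_realm":
                default = value
            elif section == "realms" and value == "{":
                current = realms.setdefault(key, [])  # KDC list of this realm
            elif section == "realms" and current is not None and key == "kdc":
                current.append(value)
    return default, realms

def parse_hosts(text):
    """Map each host name to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        addr, *names = line.split("#", 1)[0].split() or [None]
        for name in names:
            table.setdefault(name.lower(), addr)
    return table

def preflight(principal, conf=KRB5_CONF, hosts=HOSTS):
    """Report the realm a principal resolves to and where its KDCs point."""
    default, realms = parse_krb5(conf)
    table = parse_hosts(hosts)
    realm = principal.partition("@")[2] or default or ""
    known = realm in realms  # exact match: realm names are case sensitive
    return {"realm": realm, "in_realms": known,
            "case_mismatch": not known and realm.upper() in map(str.upper, realms),
            "kdcs": {k: table.get(k.lower()) for k in realms.get(realm, [])}}
```

A KDC whose value in "kdcs" is None has no hosts entry, and "case_mismatch" set to True means the realm was typed in the wrong case for the configured [realms] entry.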