
Keytab Validation failing


I am trying to validate a keytab file. I am getting the following error message:

kinit: Keytab contains no suitable keys for HTTP/HTTP/xxxx.abc.com@abc.com while getting initial credentials

When I enabled trace, I got the following messages:

#KRB5_TRACE=/dev/stdout kinit -k -t xxx.keytab HTTP/xxxx.abc.com@abc.com
Using default cache: /tmp/krb5cc_1001
Using principal: HTTP/xxxx.abc.com@abc.com
Using keytab: xxx.keytab
[20299] 1557905070.909564: Getting initial credentials for HTTP/xxxx.abc.com@abc.com
[20299] 1557905070.909565: Looked up etypes in keytab: (empty)
[20299] 1557905070.909566: Getting initial credentials for HTTP/xxxx.abc.com@abc.com
[20299] 1557905070.909567: Looked up etypes in keytab: (empty)
kinit: Keytab contains no suitable keys for HTTP/HTTP/xxxx.abc.com@abc.com while getting initial credentials

Any idea why I am getting the etypes list as empty? I created the keytab file using the -crypto ALL option.

Any help with this issue is highly appreciated.


Solution

  • The problem was that when I used the ktpass command to create the keytab file, the principal added inside was using the realm name in small letters: HTTP/xxxx.abc.com@abc.com. I rectified this issue by creating a keytab file on a Linux server using the ktutil command and adding the principal with the realm name in capital letters, typing it manually as HTTP/xxxx.abc.com@ABC.COM using addentry. It worked for me.
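
A way to spot the realm-case mismatch described in the solution before running kinit, as an added example that is not part of the original post: a small parser that lists the principals stored in a keytab and flags any whose realm is not upper case. It assumes the MIT keytab file format version 0x0502; the function names are hypothetical, and the sample keytab is constructed inline with dummy all-zero keys (enctype 18 is aes256-cts-hmac-sha1-96).

```python
import struct

def _counted(data, p):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return (principal, realm, kvno, enctype) per entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size marks a deleted slot
            pos += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp)
        p += 8                        # skip name type and timestamp
        kvno = data[p]                # 8-bit key version number
        etype, klen = struct.unpack_from(">HH", data, p + 1)
        entries.append(("/".join(comps), realm, kvno, etype))
        pos += size                   # jump to the next entry
    return entries

def realm_case_problems(entries):
    """Entries whose realm is not all upper case, as in the ktpass keytab."""
    return [e for e in entries if e[1] != e[1].upper()]

def build_entry(components, realm, kvno, etype, key):
    """Build one constructed keytab entry for the sample data below."""
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = struct.pack(">H", len(components))
    body += b"".join(s(t) for t in [realm] + components)
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: the same principal with a lower-case and an upper-case realm.
SAMPLE = (b"\x05\x02"
          + build_entry(["HTTP", "xxxx.abc.com"], "abc.com", 3, 18, b"\x00" * 32)
          + build_entry(["HTTP", "xxxx.abc.com"], "ABC.COM", 3, 18, b"\x00" * 32))

if __name__ == "__main__":
    for e in realm_case_problems(parse_keytab(SAMPLE)):
        print("realm not upper case: %s@%s kvno=%d etype=%d" % e)
```

To check a real file, pass `open("xxx.keytab", "rb").read()` to `parse_keytab` instead of `SAMPLE`.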