Hi.
It appears to work ok when I run that command, returning this very quickly:
# KRB5_TRACE=/dev/stdout kinit -k 'host/ipa-server.localdomain@LOCALREALM'
[19706] 1559864041.540056: Getting initial credentials for
host/ipa-server.localdomain@LOCALREALM
[19706] 1559864041.540057: Looked up etypes in keytab: aes256-cts, aes128-cts,
des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
[19706] 1559864041.540059: Sending unauthenticated request
[19706] 1559864041.540060: Sending request (221 bytes) to LOCALREALM
[19706] 1559864041.540061: Resolving hostname ipa-server.localdomain
[19706] 1559864041.540062: Initiating TCP connection to stream 172.22.6.6:88
[19706] 1559864041.540063: Sending TCP request to stream 172.22.6.6:88
[19706] 1559864041.540064: Received answer (400 bytes) from stream 172.22.6.6:88
[19706] 1559864041.540065: Terminating TCP connection to stream 172.22.6.6:88
[19706] 1559864041.540066: Response was from master KDC
[19706] 1559864041.540067: Received error from KDC: -1765328359/Additional
pre-authentication required
[19706] 1559864041.540070: Preauthenticating using KDC method data
[19706] 1559864041.540071: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD
(15), PA-PK-AS-REQ_OLD (14), PA-FX-FAST (136), PA-ETYPE-INFO2 (19), PA-PKINIT-KX (147),
PA-ENC-TIMESTAMP (2), PA-FX-COOKIE (133)
[19706] 1559864041.540072: Selected etype info: etype aes256-cts, salt
"LOCALREALMhostipa-server.localdomain", params ""
[19706] 1559864041.540073: Received cookie: MIT
[19706] 1559864041.540074: PKINIT client has no configured identity; giving up
[19706] 1559864041.540075: Preauth module pkinit (147) (info) returned: 0/Success
[19706] 1559864041.540076: PKINIT client has no configured identity; giving up
[19706] 1559864041.540077: Preauth module pkinit (16) (real) returned: 22/Invalid
argument
[19706] 1559864041.540078: PKINIT client has no configured identity; giving up
[19706] 1559864041.540079: Preauth module pkinit (14) (real) returned: 22/Invalid
argument
[19706] 1559864041.540080: Retrieving host/ipa-server.localdomain@LOCALREALM from
FILE:/etc/krb5.keytab (vno 0, enctype aes256-cts) with result: 0/Success
[19706] 1559864041.540081: AS key obtained for encrypted timestamp: aes256-cts/781D
[19706] 1559864041.540083: Encrypted timestamp (for 1559864041.544859): plain
301AA011180F32303139303630363233333430315AA105020308505B, encrypted
08B3042D8AE66FC15F6059376F620C3ABDFD910009117824437E4B5682CF458270762A621A809444A2DE02190FFD0E737A3F697F5F4F62DC
[19706] 1559864041.540084: Preauth module encrypted_timestamp (2) (real) returned:
0/Success
[19706] 1559864041.540085: Produced preauth for next request: PA-FX-COOKIE (133),
PA-ENC-TIMESTAMP (2)
[19706] 1559864041.540086: Sending request (316 bytes) to LOCALREALM
[19706] 1559864041.540087: Resolving hostname ipa-server.localdomain
[19706] 1559864041.540088: Initiating TCP connection to stream 172.22.6.6:88
[19706] 1559864041.540089: Sending TCP request to stream 172.22.6.6:88
[19706] 1559864041.540090: Received answer (1559 bytes) from stream 172.22.6.6:88
[19706] 1559864041.540091: Terminating TCP connection to stream 172.22.6.6:88
[19706] 1559864041.540092: Response was from master KDC
[19706] 1559864041.540093: Processing preauth types: PA-ETYPE-INFO2 (19)
[19706] 1559864041.540094: Selected etype info: etype aes256-cts, salt
"LOCALREALMhostipa-server.localdomain", params ""
[19706] 1559864041.540095: Produced preauth for next request: (empty)
[19706] 1559864041.540096: AS key determined by preauth: aes256-cts/781D
[19706] 1559864041.540097: Decrypted AS reply; session key is: aes256-cts/ED09
[19706] 1559864041.540098: FAST negotiation: available
[19706] 1559864041.540099: Initializing KEYRING:persistent:0:krb_ccache_z1xuQWr with
default princ host/ipa-server.localdomain@LOCALREALM
[19706] 1559864041.540100: Storing host/ipa-server.localdomain@LOCALREALM ->
krbtgt/LOCALREALM@LOCALREALM in KEYRING:persistent:0:krb_ccache_z1xuQWr
[19706] 1559864041.540101: Storing config in KEYRING:persistent:0:krb_ccache_z1xuQWr for
krbtgt/LOCALREALM@LOCALREALM: fast_avail: yes
[19706] 1559864041.540102: Storing host/ipa-server.localdomain@LOCALREALM ->
krb5_ccache_conf_data/fast_avail/krbtgt\/LOCALREALM\@LOCALREALM@X-CACHECONF: in
KEYRING:persistent:0:krb_ccache_z1xuQWr
[19706] 1559864041.540103: Storing config in KEYRING:persistent:0:krb_ccache_z1xuQWr for
krbtgt/LOCALREALM@LOCALREALM: pa_type: 2
[19706] 1559864041.540104: Storing host/ipa-server.localdomain@LOCALREALM ->
krb5_ccache_conf_data/pa_type/krbtgt\/LOCALREALM\@LOCALREALM@X-CACHECONF: in
KEYRING:persistent:0:krb_ccache_z1xuQWr
# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_z1xuQWr
Default principal: host/ipa-server.localdomain@LOCALREALM
Valid starting     Expires            Service principal
07/06/19 09:34:01  08/06/19 09:34:01  krbtgt/LOCALREALM@LOCALREALM
Is this what you’d expect?
Regards,
Robert.