No credentials cache found while validating credentials
There seem to be plenty of HOWTOs on getting Kerberos working with LDAP, with step-by-step instructions through the process. What I have documented here is not a step-by-step guide, but a list of the issues I have faced configuring Kerberos to work with LDAP when things don't go the way the HOWTOs say they should.
Hopefully each issue will be accompanied by a solution.
klist—Lists both your current and expired HSI tickets.
kpasswd—Allows you to change your Kerberos password.
If you execute a klist command to list your tickets on a Linux system, you might see the following if you have no tickets.
The ticket cache is placed in different places on different machines.
The system will request your current password before allowing you to enter and confirm a new password. Defaults, output, and some syntax can differ between Kerberos clients, so refer to the man pages on the machine you are using to confirm the details. For these examples, assume a user "someuser" with uid (scientist number) 1234.
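Because the ticket cache location varies, a first step when klist reports "No credentials cache found" is to work out which cache the client is actually looking at. The script below is an added example, not part of the original page. It assumes MIT krb5 conventions (KRB5CCNAME in TYPE:residual form, and a fallback of FILE:/tmp/krb5cc_<uid> when nothing else is configured); the function names cc_resolve and cc_check are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes MIT krb5 conventions:
# KRB5CCNAME holds TYPE:residual, and with nothing configured the client
# falls back to FILE:/tmp/krb5cc_<uid>.

# cc_resolve CCNAME UID -> prints "TYPE RESIDUAL"
cc_resolve() {
    cc_name=$1
    [ -n "$cc_name" ] || cc_name="FILE:/tmp/krb5cc_$2"
    case $cc_name in
        FILE:*|DIR:*|KEYRING:*|KCM:*|MEMORY:*|API:*)
            printf '%s %s\n' "${cc_name%%:*}" "${cc_name#*:}" ;;
        *)  printf 'FILE %s\n' "$cc_name" ;;   # a bare path is a FILE cache
    esac
}

# cc_check CCNAME UID -> prints a one-word diagnosis, returns 0 only for "ok"
cc_check() {
    cc_resolved=$(cc_resolve "$1" "$2")
    cc_kind=${cc_resolved%% *}
    cc_path=${cc_resolved#* }
    if [ "$cc_kind" != FILE ]; then
        echo "not-a-file"      # DIR/KEYRING/KCM caches: inspect with klist
        return 2
    fi
    if [ ! -e "$cc_path" ]; then echo "missing"; return 1; fi
    if [ ! -s "$cc_path" ]; then echo "empty"; return 1; fi
    # Field 3 of "ls -n" is the numeric owner. A cache left behind by
    # another account (for example after su or sudo) is not this user's.
    cc_owner=$(ls -ldn "$cc_path" | awk '{print $3}')
    # Characters 5-10 of the mode string are the group and other bits;
    # a ticket cache should grant them nothing.
    cc_perms=$(ls -ldn "$cc_path" | cut -c5-10)
    if [ "$cc_owner" != "$2" ]; then echo "wrong-owner"; return 1; fi
    if [ "$cc_perms" != "------" ]; then echo "too-open"; return 1; fi
    echo "ok"
}

# Diagnose the current user's cache. For "someuser" with uid 1234 and no
# KRB5CCNAME set, the path checked would be /tmp/krb5cc_1234.
cc_check "${KRB5CCNAME:-}" "$(id -u)" || true
```

A result of "missing" or "wrong-owner" points to an environment problem (KRB5CCNAME not carried across su or sudo, or a different cache type configured) rather than a failed authentication.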
A credential cache usually contains one initial ticket which is obtained using a password or another form of identity verification.

    Entry for principal host/myserver.with kvno 11, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
    Entry for principal host/myserver.with kvno 11, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab.

    Minor code may provide more information: No credentials cache found]
    Join is OK

    [[email protected] ~]# cat /etc/krb5
    [logging]
     default = FILE:/var/log/krb5
     kdc = FILE:/var/log/krb5
     admin_server = FILE:/var/log/

    [libdefaults]
     default_realm = MYDOMAIN.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
    # Note: Heimdal 1.3.1 deprecated DES encryption which is required for AD authentication before Windows Server 2008.