The Problem
Not able to log into Kerberos using the keytab file. When trying to use the keytab file to log in, the following error is seen:
Command:
kinit -k -V -t [name].keytab HTTP/[PrincipalName]
Error:
kinit: preauthentication failed while getting initial credentials
The Solution
The error, “Preauthentication failed while getting initial credentials” happens when the password is incorrect.
Update the keytab file on the problematic Kerberos client with the key provided from the Kerberos server. Follow the below steps:
1. Use ktpass on the Windows command line to create a key file using the command:
ktpass -princ [PrincipalName] -mapuser [UserAccount] -pass [password] -out [filename].ktf
2. Copy the [filename].ktf key file to the Kerberos client.
3. Move /etc/krb5.keytab to a backup file, for example:
# mv /etc/krb5.keytab /etc/krb5.keytab.old
4. Use ktutil to create a new keytab file from the key file. For example:
# /[path]/krb5/bin/ktutil
5. Issue “klist -e -k” to list the contents of the default keytab file with encryption types.
# klist -e -k
6. Try the kinit command again and it should succeed this time.
# kinit -k [PrincipalName]