No suitable Keytab error
Closed this issue · 3 comments
I'm trying to enroll certificates for a Linux client from a CEP/CES Windows CA.
When I perform a certificate request I get this output:
```
Number of certificates and requests being tracked: 1.
Request ID 'routercrt':
    status: CA_UNCONFIGURED
    stuck: yes
    key pair storage: type=FILE,location='/certs/machine.key'
    certificate: type=FILE,location='/certs/machine.crt'
    CA: cepces
    issuer:
    subject:
    expires: unknown
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
```

```
  File "/usr/local/lib/python3.8/dist-packages/cepces-0.3.4-py3.8.egg/cepces/config.py", line 140, in load
    return Configuration.from_parser(config)
  File "/usr/local/lib/python3.8/dist-packages/cepces-0.3.4-py3.8.egg/cepces/config.py", line 178, in from_parser
    return Configuration(endpoint, endpoint_type, cas, authn.handle())
  File "/usr/local/lib/python3.8/dist-packages/cepces-0.3.4-py3.8.egg/cepces/auth.py", line 93, in handle
    raise RuntimeError('No suitable key found in keytab.')
RuntimeError: No suitable key found in keytab.
```
Any help please?
Looks like you don't have a machine keytab. Are you joined to a domain (with winbind or sssd)?
FYI, cepces uses the Python requests-kerberos package to authenticate, and as pointed out by the documentation here:
"In order to use this library, there must already be a Kerberos Ticket-Granting Ticket (TGT) cached in a Kerberos credential cache... In short, the library will handle the "negotiations" of Kerberos authentication, but ensuring that an initial TGT is available and valid is the responsibility of the user."
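A read-only check related to the reply above, added here as an example (it is not cepces code and not from the thread): it lists the principals and enctypes stored in an MIT-format keytab without reading key bytes, then looks for a machine-account or host key. The `suitable` rule, the function names, and the `router.example.test` / `EXAMPLE.TEST` sample are assumptions; cepces applies its own configured criteria.

```python
import struct

def read_counted(data, p):
    (n,) = struct.unpack_from(">H", data, p)   # 16-bit length prefix
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """List (principal, kvno, enctype) per entry of an MIT keytab, format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = read_counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            text, p = read_counted(data, p)
            parts.append(text)
        p += 8                            # skip name type and timestamp
        kvno = data[p]
        etype, klen = struct.unpack_from(">HH", data, p + 1)
        p += 5 + klen                     # step over the key bytes unread
        if end - p >= 4:                  # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(parts) + "@" + realm, kvno, etype))
        pos = end
    return entries

def suitable(entries, fqdn, realm, enctypes=(17, 18)):
    """Assumed rule: machine-account or host principal with an AES key (17, 18)."""
    short = fqdn.split(".")[0]
    wanted = {f"{short}$@{realm}".lower(), f"host/{fqdn}@{realm}".lower()}
    return [e for e in entries if e[0].lower() in wanted and e[2] in enctypes]

def make_entry(realm, comps, etype, kvno):
    """Build one constructed entry with an all-zero 16-byte key (test data only)."""
    names = b"".join(struct.pack(">H", len(s)) + s.encode() for s in [realm, *comps])
    body = struct.pack(">H", len(comps)) + names + struct.pack(
        ">IIBHH", 1, 0, kvno, etype, 16) + bytes(16) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: a service key with AES256 (18), a machine key with RC4 (23) only.
SAMPLE = (b"\x05\x02" + make_entry("EXAMPLE.TEST", ["HTTP", "router.example.test"], 18, 3)
          + make_entry("EXAMPLE.TEST", ["ROUTER$"], 23, 2))
```

On the sample, `suitable(parse_keytab(SAMPLE), "router.example.test", "EXAMPLE.TEST")` returns an empty list: a keytab can exist and still hold no key for the right principal and enctype. For a real host, pass the bytes of the keytab file (commonly `/etc/krb5.keytab`, readable by root only) to `parse_keytab`.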