Kinit no credentials cache file found validating tgt
In other cases, one of these may be the root of the problem but with no obvious indications that this is the case.
For example, issues that are the result of name resolution problems often appear with symptoms that seem to have no relation to name resolution.
Cause: The password that you specified has been used before by this principal.
Solution: Choose a password that has not been chosen before, at least not within the number of passwords that are kept in the KDC database for each principal. Cause: Authentication with checksum was not negotiated with the client.
Kerberos Troubleshooting Tips LDAP Troubleshooting Tips This section will help you troubleshoot Kerberos authentication problems in a heterogeneous UNIX and Microsoft® Windows® operating system environment.
A good place to start is with the following white paper, “Troubleshooting Kerberos Errors,” which provides background and Microsoft-specific guidance and is available at
Solution: Make sure that the client is using a Kerberos V5 protocol that supports initial connection support.
This is what a keytab is, a local copy of the shared secret for that service.
A keytab can also be used as a cache for obtaining Kerberos Ticket-Granting-Tickets (TGTs), but that is for when you want your host to act as a client for a Kerberos server, not as a server.
Do not rule out one of these issues just because there is not an obvious pointer to it. Time differences are a common factor when dealing with Kerberos configuration.
Kerberos requires that all the computers in the environment have system times within 5 minutes of one another.