My Oracle Support Banner

SSO WNA: kinit Fails with error: 'Cannot find KDC for requested realm while getting initial credentials' (Doc ID 429809.1)

Last updated on AUGUST 15, 2018

Applies to:

Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 18-MAY-2016***

Symptoms

10gAS SSO is configured for Windows Native Authentication (WNA) but OC4J_SECURITY Kerberos initialization is failing. 

kinit is run to debug the issue and fails with error 'Cannot find KDC for requested realm while getting initial credentials'.

kinit -k -t sso.keytab HTTP/sso.uk.oracle.com
kinit(v5): Cannot find KDC for requested realm while getting initial credentials 

 

This error is normally due to incorrect realm configuration in the /etc/krb5.conf or %WINDIR%\krb5.ini file on the SSO Server.

However in this case the realm configuration seems correct, e.g.,


.....
[realms] 
ORACLE.COM = { 
    kdc = msad.oracle.com:88 
    admin_server = msad.oracle.com:749 
    default_domain = oracle.com 
} 

[domain_realm] 
    .uk.oracle.com = ORACLE.COM 
    uk.oracle.com = ORACLE.COM 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.