SSO WNA: kinit Fails with error: 'Cannot find KDC for requested realm while getting initial credentials' (Doc ID 429809.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 18-MAY-2016***

Symptoms

10gAS SSO is configured for Windows Native Authentication (WNA) but OC4J_SECURITY Kerberos initialization is failing. 

kinit is run to debug the issue and fails with error 'Cannot find KDC for requested realm while getting initial credentials'.

kinit -k -t sso.keytab HTTP/sso.uk.oracle.com
kinit(v5): Cannot find KDC for requested realm while getting initial credentials 

 

This error is normally due to incorrect realm configuration in the /etc/krb5.conf or %WINDIR%\krb5.ini file on the SSO Server.

However in this case the realm configuration seems correct, e.g.,


.....
[realms] 
ORACLE.COM = { 
    kdc = msad.oracle.com:88 
    admin_server = msad.oracle.com:749 
    default_domain = oracle.com 
} 

[domain_realm] 
    .uk.oracle.com = ORACLE.COM 
    uk.oracle.com = ORACLE.COM 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms