My Oracle Support Banner

SSO WNA: kinit Fails with error: 'Cannot find KDC for requested realm while getting initial credentials' (Doc ID 429809.1)

Last updated on AUGUST 15, 2018

Applies to:

Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 18-MAY-2016***


10gAS SSO is configured for Windows Native Authentication (WNA) but OC4J_SECURITY Kerberos initialization is failing. 

kinit is run to debug the issue and fails with error 'Cannot find KDC for requested realm while getting initial credentials'.

kinit -k -t sso.keytab HTTP/
kinit(v5): Cannot find KDC for requested realm while getting initial credentials 


This error is normally due to incorrect realm configuration in the /etc/krb5.conf or %WINDIR%\krb5.ini file on the SSO Server.

However in this case the realm configuration seems correct, e.g.,

    kdc = 
    admin_server = 
    default_domain = 

[domain_realm] = ORACLE.COM = ORACLE.COM 


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.