No key table entry found matching HTTP/myspn.domain.local/domain.local@

[ep5000]

I've been testing this library with a kerberos setup that works using Apache/mod_auth_gssapi . While my krb5.conf and krb5.keytab work with Apache with this library I continually get the following error:

No key table entry found matching HTTP/myspn.domain.local/domain.local@

Notice the domain being appended to the end of the SPN and being blank after the @ sign.

kinit -kt krb5.keytab works fine.

My environment:

• Python 3.11.2
• OS: Debian Bookworm

[jborean93]

This library is really just a wrapper around the krb5 C library. It doesn't do any processing/building of the SPNs or parsing keytabs, it merely passes along the paths and other arguments provided. Most likely you'll want to change the principal name type to hostbased_service and use the form [email protected]. If you can share more code on how you are actually using this library I may be able to provide more guidance.