import from kaserver: passwords work, keytabs don't
I don't know if this is because I did something wrong or because heimdal
isn't quite there yet, or if this is a legitimate bug.
I've been experimenting with heimdal, and recently have been using hprop to
import entries from ece.cmu.edu's kaserver.DB0 into my test KDC. The result
of this is somewhat interesting: I can kinit fine with a password, but
not with a keytab. The same operation worked fine when using MIT Kerberos 5
with the NRL patches and afs2k5db.
(This first showed up when I added kadmin.hprop with kas and imported it,
instead of manually adding it to the KDC with kadmin -l. I couldn't repeat
the hprop, "Additional pre-authentication required". The same error shows up
when using a keytab to kinit.)
As far as I can tell, the difference is that it works if the principal has a
des3 key (as opposed to des key with AFS salt, as imported from the kaserver).
So, is this a deficiency, an outright bug, or did I manage to miss something
(but the only difference from the successful attempts is that kadmin/hprop
is now imported from the kaserver)?
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university ["God, root, what is difference?" -Pitr]