[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
import from kaserver: passwords work, keytabs don't
I don't know if this is because I did something wrong or because heimdal
isn't quite there yet, or if this is a legitimate bug.
I've been experimenting with heimdal, and recently have been using hprop to
import entries from ece.cmu.edu's kaserver.DB0 into my test KDC. The result
of this is somewhat interesting: I can kinit fine with a password, but
not with a keytab. The same operation worked fine when using MIT Kerberos 5
with the NRL patches and afs2k5db.
(This first showed up when I added kadmin.hprop with kas and imported it,
instead of manually adding it to the KDC with kadmin -l. I couldn't repeat
the hprop, "Additional pre-aithentication required". The same error shows up
when using a keytab to kinit.)
As far as I can tell, the difference is that it works if the principal has a
des3 key (as opposed to des key with AFS salt, as imported from the kaserver).
So, is this a deficiency, an outright bug, or did I manage to miss something
(but the only difference from the successful attempts is that kadmin/hprop
is now imported from the kaserver)?
brandon s. allbery [os/2][linux][solaris][japh] email@example.com
system administrator [WAY too many hats] firstname.lastname@example.org
electrical and computer engineering KF8NH
carnegie mellon university ["God, root, what is difference?" -Pitr]