[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: import from kaserver: passwords work, keytabs don't
In message <firstname.lastname@example.org>, Assar Westerlund writes:
| "Brandon S. Allbery" <email@example.com> writes:
| > (This first showed up when I added kadmin.hprop with kas and imported it,
| > instead of manually adding it to the KDC with kadmin -l. I couldn't repeat
| > the hprop, "Additional pre-aithentication required". The same error shows
| > when using a keytab to kinit.)
| What do you get in the log from your KDC? Do you have enabled
"No PA-ENC-TIMESTAMP -- porok.ece.cmu.edu", the same error I got when porok
didn't have hprop/porok.ece.cmu.edu in its keytab. All entries were in the
keytab, however, and the hprop/porok.ece.cmu.edu entry was imported from the
kaserver's hprop.porok key in both successful and failing attempts.
| required pre-authentication on either kadmin.hprop or on the server?
No. The only difference I could detect in a "get -l", aside from
timestamps, between a key that worked and one that didn't was that the
failing one (imported from the kaserver) was type "des" whereas the one that
worked (created with kadmin -l) was type "des3".
brandon s. allbery [os/2][linux][solaris][japh] firstname.lastname@example.org
system administrator [WAY too many hats] email@example.com
carnegie mellon / electrical and computer engineering KF8NH
We are Linux. Resistance is an indication that you missed the point.