[26746] in Kerberos

home help back first fref pref prev next nref lref last post

kinit(v5): KRB5 error code 68 while getting initial credentials

daemon@ATHENA.MIT.EDU (Djihangiroff, Matthias (KC-DD))
Mon Sep 25 09:32:05 2006

Content-Class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 25 Sep 2006 15:32:44 +0200
Message-ID: <A4987E8FC1C6CD44805DDE5676EE262E9E6B8C@w2kmail.konzern.intern>
From: "Djihangiroff, Matthias (KC-DD)" <Matthias.Djihangiroff@persona.de>
To: <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I have a huge Problem.

Im trying to install a SSO for our Intranet-Webserver (Apache 2.0.55) on
a SuSE Linux 10.0.
Ist running very fine.

But we have some Computers, which are NOT Part of the Active Directory
Domain, so there the sso doesnt work.
If the paste their Usernames into the Auth-Box
(firstname.lastname@persona.de) it doesnt work. But the Useraccount
exists in the AD.

If they paste the real username (e.g. firstname.lastname@KONZERN.INTERN)
it works fine.
The problem: The user dont Know his real AD-Name. He knows just hier
emailadress (firstname.lastname@persona.de)

Anyone a solution?


My krb5.conf

"[libdefaults]
        default_realm = KONZERN.INTERN
        clockskew = 300

[realms]
        KONZERN.INTERN = {
                kdc = w2kroot.konzern.intern
                default_domain = konzern.intern
                admin_server = w2kroot
        }

        persona.de = {
                kdc = w2kroot.konzern.intern
                default_domain = konzern.intern
                admin_server = w2kroot
        }

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log
[domain_realm]
        .konzern.intern = KONZERN.INTERN
[appdefaults]
        pam = {
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 0
                try_first_pass = true
        }
"

Running from the command shell: kinit
matthias.djihangirof@KONZERN.INTERN, all is fine (look at the missing f
in my name)
If i run kinit matthias.djihangiroff@persona.de (which ist my regular
windows login), i get an kinit(v5): KRB5 error code 68 while getting
initial credentials.

I hope someone can help me.



###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.f-secure.com/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post