[28857] in Kerberos
Re: password incorrect but it's not, works fine with Solaris + MIT?
daemon@ATHENA.MIT.EDU (Steve Devine)
Sat Dec 8 07:45:37 2007
From: Steve Devine <devine.steve@gmail.com>
Date: Sat, 8 Dec 2007 04:35:25 -0800 (PST)
Message-ID: <61986438-9ac2-4f72-a96d-018397aa8b4e@d21g2000prf.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Dec 7, 3:59 pm, Jeff Blaine <jbla...@kickflop.net> wrote:
> What am I doing wrong this time?
>
> -bash-2.05b# /usr/kerberos/bin/kinit jbla...@RCF.FOO.COM
> Password for jbla...@RCF.FOO.COM:
> kinit(v5): Password incorrect while getting initial credentials
> -bash-2.05b#
>
> -bash-2.05b# rpm -qa | grep krb5
> krb5-workstation-1.2.7-38
> krb5-libs-1.2.7-38
> pam_krb5-1.70-1
> krb5-devel-1.2.7-38
> -bash-2.05b# uname -a
> Linux blackbird-vm2 2.4.21-53.EL #1 Wed Nov 14 04:02:23 EST 2007
> i686 i686 i386 GNU/Linux
> -bash-2.05b#
>
> However, /usr/rcf-krb5/bin/kinit jbla...@RCF.FOO.COM works
> fine on a Solaris 9 box (which has our MIT krb5 build).
>
> BOTH hosts have the same exact /etc/krb5.conf
>
> krb5kdc says:
>
> Dec 07 15:46:49 silmaril.foo.com krb5kdc[26865](info):
> AS_REQ (5 etypes {16 23 1 3 2}) 129.xx.xx.xx: ISSUE: authtime
> 1197060409, etypes {rep=1 tkt=16 ses=16}, jbla...@RCF.FOO.COM
> for krbtgt/RCF.FOO....@RCF.FOO.COM
>
> Principal looks like:
>
> kadmin: getprinc jblaine
> Principal: jbla...@RCF.FOO.COM
> Expiration date: Wed Dec 30 19:00:00 EST 2037
> Last password change: [never]
> Password expiration date: [none]
> Maximum ticket life: 14 days 00:00:00
> Maximum renewable life: 7 days 00:00:00
> Last modified: Mon Oct 29 21:08:00 EDT 2007 (jbla...@RCF.FOO.COM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 1
> Key: vno 5, DES cbc mode with CRC-32, AFS version 3
> Attributes:
> Policy: [none]
> kadmin:
Does your client talk in single des? Maybe if you force your enctype
in krb5.conf on the client (Although I dont think this is
recommended. )
What enctypes do you have in the kdc.conf? You might add some enctypes
to your kdc .. then reset the password and try again.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
