[31754] in Kerberos
ktpass troubles
daemon@ATHENA.MIT.EDU (Vitaly Tskhovrebov)
Thu Dec 10 13:24:57 2009
From: Vitaly Tskhovrebov <Vitaly.Tskhovrebov@exigenservices.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Thu, 10 Dec 2009 17:46:28 +0300
Message-ID: <B6C4EB6BB2F4654C835D1F7319E4E6742B7DBE456D@SPBEX03.internal.corp>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1004113900=="
Errors-To: kerberos-bounces@mit.edu
--===============1004113900==
Content-Language: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_007E_01CA79C0.B391A9B0"
------=_NextPart_000_007E_01CA79C0.B391A9B0
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: 7bit
Hi.
I'm trying to use krb authentication on linux box with apache.
I've done the following on W2K3 PDC:
ktpass -princ host/web.company.ru@COMPANY.RU -pass qwerty -mapuser
D\web_http -out host.keytab -ptype KRB5_NT_SRV_HST -kvno 1
Successfully mapped host/web.company.ru@COMPANY.RU to web_http.
WARNING: pType and account type do not match. This might cause problems.
Key created.
Output keytab to host.keytab:
Keytab version: 0x502
keysize 75 host/web.company.ru ptype 3 (KRB5_NT_SRV_HST) vn
o 1 etype 0x17 (RC4-HMAC) keylength 16 (0xeddf60686996d8ba2d81cfd15da42bd3)
the same for
ktpass -princ HTTP/web.company.ru@COMPANY.RU -pass qwerty -mapuser
D\web_http -out http.keytab -kvno 1
and then
setspn.exe -A HTTP/web.company.ru web
after that I made several steps on linux box making a keytab for apache, and
trying to test:
ktutil: read_kt host.keytab
ktutil: read_kt http.keytab
ktutil: list
slot KVNO Principal
---- ---- ------------------------------------
1 1 host/web.company.ru@COMPANY.RU
2 1 HTTP/web.company.ru@COMPANY.RU
ktutil: write_kt apache.keytab
kinit -t apache.keytab -k HTTP/web.company.ru@COMPANY.RU
# IT'S OK!
kinit -t apache.keytab -k host/web.company.ru@COMPANY.RU
kinit(v5): Client not found in Kerberos database while getting initial
credentials
Ethereal told that krb5kdc_err_s_principal_unknown.
Where I'm wrong?
--
Vitaly.
------=_NextPart_000_007E_01CA79C0.B391A9B0
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILGTCCBGUw
ggNNoAMCAQICEGB5NthtErSoRVdno32B4U8wDQYJKoZIhvcNAQEFBQAwPTEUMBIGCgmSJomT8ixk
ARkWBGNvcnAxGDAWBgoJkiaJk/IsZAEZFghpbnRlcm5hbDELMAkGA1UEAxMCY2EwIBcNMDgxMDEw
MTM1NDI3WhgPMjEwNzEwMTAxNDAzMTlaMD0xFDASBgoJkiaJk/IsZAEZFgRjb3JwMRgwFgYKCZIm
iZPyLGQBGRYIaW50ZXJuYWwxCzAJBgNVBAMTAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAtoLyXLwaKFmuS3+J7no94+mp1m5AqSbfrdype1uvDJgw/Nyi5PiMlZxgr+RAzFxqOinV
4YXU3mRVQ10BB45MPKaW0qPV7tN3XArHl9WuNERH/23uSq46Ct0f1jHFhjAwK5gJXi2GN/Q4zeJg
WCijFFQfH5asMz8/Vm4bNfz3iNFODAJRIuQGAm2rjMn+SEAuaJIC6nyWyVBLHONJQp0bYpP/OLu6
bwLTuf0nePIKtXCi/e5ZE7hcJ15BhnO4RKTo5lumFPdZeK4PQwGhjL5y5HnNnxGm7Zo1Umh+TO4p
7gRA0GIIOfB7hAUg/Hz5LbZPzbhX/O+POC3y64qIbMtYTwIDAQABo4IBXTCCAVkwEwYJKwYBBAGC
NxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKPenadd
CN0TWRoRhEx8pCM5VrcpMIHyBgNVHR8EgeowgecwgeSggeGggd6GgatsZGFwOi8vL0NOPWNhLENO
PXNwYmRjMDIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENO
PUNvbmZpZ3VyYXRpb24sREM9aW50ZXJuYWwsREM9Y29ycD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M
aXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGLmh0dHA6Ly9zcGJkYzAy
LmludGVybmFsLmNvcnAvQ2VydEVucm9sbC9jYS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
hvcNAQEFBQADggEBAB1jP5SjhE6+F3FAcxOprRqQiMD4WFyawb27zSjdgPc9Vr7W8/iMdSbg6h7d
hGwPkMt80ITwu1C6IPgiDU4P0Tu3NaGft6JhJiWzne2wPDiUa3B4e9tfTcHZvlR+MSAJxGq8Mq9L
yTqqjspkJbHKPzapAW+uTBtqOXz/UsqT0EOwdJDuW3r9nxJCV2WybF6EeLER5JiuSO48NUvsxgo6
o919rVTn38+LJsdnllcoKnQF65Sg+Xbdqn1CGUCrtAUc+sbVuqP6qN+pg0WkyVY5b+YRzXv2ZuR7
Gs9zUWmXv/ifsuW0p+ll7Fn3ul6fnufL8xv5gNvDrDw0z7U6FIQeI7UwggasMIIFlKADAgECAgpw
C7d3AAAAACXuMA0GCSqGSIb3DQEBBQUAMD0xFDASBgoJkiaJk/IsZAEZFgRjb3JwMRgwFgYKCZIm
iZPyLGQBGRYIaW50ZXJuYWwxCzAJBgNVBAMTAmNhMB4XDTA5MDIyNzIyMDYwN1oXDTEwMDIyNzIy
MDYwN1owgeIxFDASBgoJkiaJk/IsZAEZFgRjb3JwMRgwFgYKCZImiZPyLGQBGRYIaW50ZXJuYWwx
EDAOBgNVBAsTB0NvbXBhbnkxDDAKBgNVBAsTA0NJUzEOMAwGA1UECxMFU2l0ZXMxDDAKBgNVBAsT
A1NQQjEOMAwGA1UECxMFVXNlcnMxDzANBgNVBAsTBkNvbW1vbjEbMBkGA1UEAxMSVml0YWx5IFRz
a2hvdnJlYm92MTQwMgYJKoZIhvcNAQkBFiVWaXRhbHkuVHNraG92cmVib3ZAZXhpZ2Vuc2Vydmlj
ZXMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8KTvycZZiM2Qjf0GaMd/p1Hd4hKvX
/tx5QXaP+vsTEpbohtwjMGl9xPVmbB7Jm80TLeTz0TCh11aKRXmZ7UVgnkOA2IJzR/4YAIwTNLi1
52lrRH9VDRPmGl+Z2QBWRBpdQcVDfm15Pjgz1+KxIAfBgeVIlgiDWIp9A9eEiDBLBwIDAQABo4ID
ijCCA4YwCwYDVR0PBAQDAgWgMDYGCSqGSIb3DQEJDwQpMCcwDQYIKoZIhvcNAwICATgwDQYIKoZI
hvcNAwQCATgwBwYFKw4DAgcwHQYDVR0OBBYEFB9RCgDlVQGpW123iylLjiqSoDinMEAGCSsGAQQB
gjcVBwQzMDEGKSsGAQQBgjcVCIa8kCaEl8hIgY2DIYaYrSSEycYcgXqDlPLKF4iuvYpDAgFkAgEG
MB8GA1UdIwQYMBaAFKPenaddCN0TWRoRhEx8pCM5VrcpMIHyBgNVHR8EgeowgecwgeSggeGggd6G
gatsZGFwOi8vL0NOPWNhLENOPXNwYmRjMDIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp
Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9aW50ZXJuYWwsREM9Y29ycD9jZXJ0
aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9p
bnSGLmh0dHA6Ly9zcGJkYzAyLmludGVybmFsLmNvcnAvQ2VydEVucm9sbC9jYS5jcmwwggEIBggr
BgEFBQcBAQSB+zCB+DCBowYIKwYBBQUHMAKGgZZsZGFwOi8vL0NOPWNhLENOPUFJQSxDTj1QdWJs
aWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWludGVy
bmFsLERDPWNvcnA/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25B
dXRob3JpdHkwUAYIKwYBBQUHMAKGRGh0dHA6Ly9zcGJkYzAyLmludGVybmFsLmNvcnAvQ2VydEVu
cm9sbC9zcGJkYzAyLmludGVybmFsLmNvcnBfY2EuY3J0MCkGA1UdJQQiMCAGCCsGAQUFBwMCBggr
BgEFBQcDBAYKKwYBBAGCNwoDBDA1BgkrBgEEAYI3FQoEKDAmMAoGCCsGAQUFBwMCMAoGCCsGAQUF
BwMEMAwGCisGAQQBgjcKAwQwWgYDVR0RBFMwUaAoBgorBgEEAYI3FAIDoBoMGFZUc2tob3ZyZWJv
dkBzdGFyLXN3LmNvbYElVml0YWx5LlRza2hvdnJlYm92QGV4aWdlbnNlcnZpY2VzLmNvbTANBgkq
hkiG9w0BAQUFAAOCAQEAH2l++udswXO2dXwR5CI/UKdpaadKACNFT515z3X4luIywi3WF7UeeQ1Z
rbXWQRxjyvdO9+0D4kOrpAo10deVEb04xsTGQ6k8ewZxqKm8D2UoFpdOAwC3OP9BvpzQpsZvqe4G
t4AFFsYm1a5mRh8Tz6OVpQAD1AYkPC5aDmvbiC9Jg6u4lfjox9KxYc49u8rW0eyObOf5TKcMCUdc
CIwGKWt9pBpIwKkne/8f6rGdZ7xiBLxP3L+hvOc30Js8I8tghxAuhVlh64wspCaDxebLlWLqHStO
jdHqWgMzrV4ZXndJorqTaaM7lAps9GZ/ZH1pavrJvnllKVBk0/tsJ1qz5zGCAnUwggJxAgEBMEsw
PTEUMBIGCgmSJomT8ixkARkWBGNvcnAxGDAWBgoJkiaJk/IsZAEZFghpbnRlcm5hbDELMAkGA1UE
AxMCY2ECCnALt3cAAAAAJe4wCQYFKw4DAhoFAKCCAYAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDkxMjEwMTQ0NjI4WjAjBgkqhkiG9w0BCQQxFgQUl+kJpHuftVw4
AyAilqxfObXx0HEwWgYJKwYBBAGCNxAEMU0wSzA9MRQwEgYKCZImiZPyLGQBGRYEY29ycDEYMBYG
CgmSJomT8ixkARkWCGludGVybmFsMQswCQYDVQQDEwJjYQIKcAu3dwAAAAAl7jBcBgsqhkiG9w0B
CRACCzFNoEswPTEUMBIGCgmSJomT8ixkARkWBGNvcnAxGDAWBgoJkiaJk/IsZAEZFghpbnRlcm5h
bDELMAkGA1UEAxMCY2ECCnALt3cAAAAAJe4wZwYJKoZIhvcNAQkPMVowWDAKBggqhkiG9w0DBzAO
BggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwBwYF
Kw4DAhowCgYIKoZIhvcNAgUwDQYJKoZIhvcNAQEBBQAEgYA7OlExtAaG89xFoC1HOu3an7b69sEo
EEz/Fg2d8/LfYde6kappt7+up8+Kyh2lyhHa5B5kTWfkih0wB69BsIdVib9l0gT7zGJh3qBDFzB/
zb9SLrrGnqmox/rDTbRlWt2doufz5tsfWmfcGvWZs9Pd5gRJKz7EsAZ34m6iZm04SgAAAAAAAA==
------=_NextPart_000_007E_01CA79C0.B391A9B0--
--===============1004113900==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1004113900==--
