[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: import from kaserver: passwords work, keytabs don't
In message <5lemocih5e.fsf@assaris.sics.se>, Assar Westerlund writes:
+-----
| "Brandon S. Allbery" <allbery@ece.cmu.edu> writes:
| > (This first showed up when I added kadmin.hprop with kas and imported it,
| > instead of manually adding it to the KDC with kadmin -l. I couldn't repeat
| > the hprop, "Additional pre-aithentication required". The same error shows
| up
| > when using a keytab to kinit.)
|
| What do you get in the log from your KDC? Do you have enabled
+--->8
"No PA-ENC-TIMESTAMP -- porok.ece.cmu.edu", the same error I got when porok
didn't have hprop/porok.ece.cmu.edu in its keytab. All entries were in the
keytab, however, and the hprop/porok.ece.cmu.edu entry was imported from the
kaserver's hprop.porok key in both successful and failing attempts.
| required pre-authentication on either kadmin.hprop or on the server?
+--->8
No. The only difference I could detect in a "get -l", aside from
timestamps, between a key that worked and one that didn't was that the
failing one (imported from the kaserver) was type "des" whereas the one that
worked (created with kadmin -l) was type "des3".
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering KF8NH
We are Linux. Resistance is an indication that you missed the point.