[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kpasswdd configuration question

To: heimdal-discuss@sics.se
Subject: kpasswdd configuration question
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Wed, 3 Mar 2004 11:19:58 -0800
In-Reply-To: <4045DA5C.6D8FA58E@anl.gov>
References: <002501c40052$1f340e40$6501010a@C5043436><404489B4.12FD993A@anl.gov> <4044C857.30502@kzsdabas.sulinet.hu><4044E22B.3000405@kzsdabas.sulinet.hu><003701c40107$bdb39bc0$6501010a@C5043436> <4045DA5C.6D8FA58E@anl.gov>
Sender: owner-heimdal-discuss@sics.se

I can't get a hand-installed 0.6 version to do the same thing that 
the built-in 0.53 in NetBSD does.

I'm using the Heimdal kinit and Heimdal kpasswd with a Heimdal kdc on 
the same test machine. kpasswd doesn't work.

Could someone just tell me which entries in the krb5.conf I need to 
inspect?  I should mention that the db was created by hprod from a 
kaserver db and not with a kadmin -l/init.  (I did a kadmin -l/add -r 
for the extra principals needed after the import.)

># kinit hotz
>hotz@JPL.NASA.GOV's Password:
># klist
>Credentials cache: FILE:/tmp/krb5cc_0
>         Principal: hotz@JPL.NASA.GOV
>
>   Issued           Expires          Principal                    
>Mar  3 10:50:34  Mar  3 20:50:34  krbtgt/JPL.NASA.GOV@JPL.NASA.GOV
>Mar  3 10:50:34  Mar  3 20:50:34  afs@JPL.NASA.GOV               
>
>    V4-ticket file: /tmp/tkt0
>         Principal: hotz@JPL.NASA.GOV
>
>   Issued           Expires          Principal                    
>Mar  3 10:50:34  Mar  3 20:50:34  krbtgt.JPL.NASA.GOV@JPL.NASA.GOV
># which kpasswd
>/usr/heimdal/bin/kpasswd
># kpasswd hotz
>hotz@JPL.NASA.GOV's Password:
>New password:
>Verifying password - New password:
>Malformed : client: wrong len in reply

The relevant entries in the kdc.log are:

>2004-03-03T10:50:34 AS-REQ hotz@JPL.NASA.GOV from 
>IPv4:128.149.197.132 for krbtgt/JPL.NASA.GOV@JPL.NASA.GOV
>2004-03-03T10:50:34 Using des-cbc-md5/des-cbc-md5
>2004-03-03T10:50:34 Requested flags: renewable, proxiable, forwardable
>2004-03-03T10:50:34 sending 608 bytes to IPv4:128.149.197.132
>2004-03-03T10:50:34 524-REQ hotz@JPL.NASA.GOV from 
>IPv4:128.149.197.132 for krbtgt/JPL.NASA.GOV@JPL.NASA.GOV
>2004-03-03T10:50:34 sending 1266 bytes to IPv4:128.149.197.132
>2004-03-03T10:50:34 TGS-REQ hotz@JPL.NASA.GOV from 
>IPv4:128.149.197.132 for afs@JPL.NASA.GOV
>2004-03-03T10:50:34 sending 508 bytes to IPv4:128.149.197.132
>2004-03-03T10:50:34 524-REQ hotz@JPL.NASA.GOV from 
>IPv4:128.149.197.132 for afs@JPL.NASA.GOV
>2004-03-03T10:50:34 sending 1266 bytes to IPv4:128.149.197.132
>2004-03-03T10:51:03 AS-REQ hotz@JPL.NASA.GOV from 
>IPv4:128.149.197.132 for kadmin/changepw@JPL.NASA.GOV
>2004-03-03T10:51:03 Using des-cbc-md5/des3-cbc-sha1
>2004-03-03T10:51:03 sending 600 bytes to IPv4:128.149.197.132

-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: kpasswdd configuration question
  - From: Love <lha@stacken.kth.se>

References:
- Kerberos IF_RELEVANT/PAC structure question
  - From: "Ronnie Sahlberg" <ronnie_sahlberg@ozemail.com.au>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: Gémes Géza <geza@kzsdabas.sulinet.hu>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: Gémes Géza <geza@kzsdabas.sulinet.hu>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: "Ronnie Sahlberg" <ronnie_sahlberg@ozemail.com.au>
- Re: Kerberos IF_RELEVANT/PAC structure question
  - From: "Douglas E. Engert" <deengert@anl.gov>

Prev by Date: Re: Kerberos IF_RELEVANT/PAC structure question
Next by Date: Re: kpasswdd configuration question
Prev by thread: Re: Kerberos IF_RELEVANT/PAC structure question
Next by thread: Re: kpasswdd configuration question
Index(es):
- Date
- Thread