kfw-2.1, Win98 and Linux KDC
Danilo Almeida
dalmeida at MIT.EDU
Fri Apr 19 10:16:17 EDT 2002
I assume the timezones for both the KDC and Win98 client are correct?
- Danilo
-----Original Message-----
From: kerberos-admin at MIT.EDU [mailto:kerberos-admin at MIT.EDU] On Behalf
Of Turbo Fredriksson
Sent: Friday, April 19, 2002 2:10 AM
To: kerberos at mit.edu
Subject: kfw-2.1, Win98 and Linux KDC
I'm trying to get a ticket on (one of) my homemachine(s), running Win98.
I have unpacked the 'kfw-2.1-bin.zip' in '\temp\'. CD'ing to the
'\temp\kfw-2.1\bin\i386\rel' directory and executing 'kinit.exec -5'
will
prompt me for my password for 'turbo at BAYOUR.COM' as it should (no errors
there). But it can't get a ticket, this is what it tells me:
KINIT.EXE(v5): Preauthentication failed while getting initial
credentials
The clock on the win machine is set manually by watching 'date' on the
KDC.
It should only diff <= 1 sec...
The win machine is behind a Linux firewall (iptables), and the KDC is on
the 'Net. Getting tickets from my Linux machine at home (behind same fw)
works like a charm...
I get this in my KDC logs:
----- s n i p -----
==> /var/log/kerberos/krb5kdc.log <==
Apr 19 08:00:26 papadoc krb5kdc[7826](info): preauth (timestamp) verify
failure: No matching key in entry
Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
213.67.237.35(88): PREAUTH_FAILED: turbo at BAYOUR.COM for
krbtgt/BAYOUR.COM at BAYOUR.COM, Preauthentication failed
Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
213.67.237.35(88): NEEDED_PREAUTH: turbo at BAYOUR.COM for
krbtgt/BAYOUR.COM at BAYOUR.COM, Additional pre-authentication required
Apr 19 08:00:26 papadoc krb5kdc[7826](info): preauth (timestamp) verify
failure: No matching key in entry
Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
213.67.237.35(88): PREAUTH_FAILED: turbo at BAYOUR.COM for
krbtgt/BAYOUR.COM at BAYOUR.COM, Preauthentication failed
----- s n i p -----
What exactly does 'preauth (timestamp) verify failure: No matching key
in entry'
mean!?
--
iodine cracking BATF Rule Psix arrangements NSA SEAL Team 6 Saddam
Hussein FBI Panama congress Ortega Ft. Bragg Iran spy
[See http://www.aclu.org/echelonwatch/index.html for more about this]
________________________________________________
Kerberos mailing list Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list