kfw-2.1, Win98 and Linux KDC
Turbo Fredriksson
turbo at bayour.com
Fri Aug 9 06:29:05 EDT 2002
[sorry, but I've had other things on my mind. I'm attempting this again,
still same problem. Tried to verify the timezone but...]
Quoting "Danilo Almeida" <dalmeida at MIT.EDU>:
> I assume the timezones for both the KDC and Win98 client are correct?
I have no idea really... I've tried to check this, but win... *annoyed*
On the KDC I have 'CEST':
----- s n i p -----
rmgztk:~# date
Fri Aug 9 12:21:16 CEST 2002
rmgztk:~# date -u
Fri Aug 9 10:21:24 UTC 2002
rmgztk:~# date -R
Fri, 9 Aug 2002 12:21:27 +0200
----- s n i p -----
But on windows I have (Both client and server is in Gothenburg):
(GMT+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien
What i see here, is that 'GMT+01:00' isn't the same as 'CEST' (even though
the time's match perfectly!). I found 'AtomTime98' (a time sync for win),
which I sync the time with. It uses the system timezone (which must be
wrong somehow)...
I tried to create a timezone (under windows with 'tzedit' from M$ site)
but obviosly I'm failing somehow...
And if I set 'GMT+1' on Linux, I get:
----- s n i p -----
rmgztk:~# date
Fri Aug 9 09:26:30 GMT+1 2002
rmgztk:~# date -u
Fri Aug 9 10:26:36 UTC 2002
rmgztk:~# date -R
Fri, 9 Aug 2002 09:26:37 -0100
rmgztk:~#
----- s n i p -----
Two-three hours of (it's 12:27)! It also say '-0100'! Shouldn't it be '+0100'!?
And when using 'CEST' it say '+0200'... !?!?
> -----Original Message-----
> From: kerberos-admin at MIT.EDU [mailto:kerberos-admin at MIT.EDU] On Behalf
> Of Turbo Fredriksson
> Sent: Friday, April 19, 2002 2:10 AM
> To: kerberos at mit.edu
> Subject: kfw-2.1, Win98 and Linux KDC
>
> I'm trying to get a ticket on (one of) my homemachine(s), running Win98.
> I have unpacked the 'kfw-2.1-bin.zip' in '\temp\'. CD'ing to the
> '\temp\kfw-2.1\bin\i386\rel' directory and executing 'kinit.exec -5'
> will
> prompt me for my password for 'turbo at BAYOUR.COM' as it should (no errors
> there). But it can't get a ticket, this is what it tells me:
>
> KINIT.EXE(v5): Preauthentication failed while getting initial
> credentials
>
> The clock on the win machine is set manually by watching 'date' on the
> KDC.
> It should only diff <= 1 sec...
>
> The win machine is behind a Linux firewall (iptables), and the KDC is on
> the 'Net. Getting tickets from my Linux machine at home (behind same fw)
> works like a charm...
>
> I get this in my KDC logs:
> ----- s n i p -----
> ==> /var/log/kerberos/krb5kdc.log <==
> Apr 19 08:00:26 papadoc krb5kdc[7826](info): preauth (timestamp) verify
> failure: No matching key in entry
> Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
> 213.67.237.35(88): PREAUTH_FAILED: turbo at BAYOUR.COM for
> krbtgt/BAYOUR.COM at BAYOUR.COM, Preauthentication failed
> Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
> 213.67.237.35(88): NEEDED_PREAUTH: turbo at BAYOUR.COM for
> krbtgt/BAYOUR.COM at BAYOUR.COM, Additional pre-authentication required
> Apr 19 08:00:26 papadoc krb5kdc[7826](info): preauth (timestamp) verify
> failure: No matching key in entry
> Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
> 213.67.237.35(88): PREAUTH_FAILED: turbo at BAYOUR.COM for
> krbtgt/BAYOUR.COM at BAYOUR.COM, Preauthentication failed
> ----- s n i p -----
>
> What exactly does 'preauth (timestamp) verify failure: No matching key
> in entry'
> mean!?
> --
> iodine cracking BATF Rule Psix arrangements NSA SEAL Team 6 Saddam
> Hussein FBI Panama congress Ortega Ft. Bragg Iran spy
> [See http://www.aclu.org/echelonwatch/index.html for more about this]
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
--
Legion of Doom cracking president pits Ft. Meade 767 iodine Soviet
ammonium critical bomb NSA Serbian nuclear genetic
[See http://www.aclu.org/echelonwatch/index.html for more about this]
More information about the Kerberos
mailing list