Getting MIT Client(Win) to talk to Unix KDC
Tony Hoyle
tmh at nodomain.org
Sat Sep 28 07:39:56 EDT 2002
I've got a problem trying to auth with an MIT KDC on Linux from a windows
MIT Kerberos client (1.2.2, although I could probably upgrade to 1.2.4 if
required). The error I'm getting appears to imply clock
skew, but the machines are synchronised with each other using NTP, and are
on the same timezone. Sniffing the packets with ethereal reveals the same
time on packets in both directions.
Sep 28 12:27:15 sisko krb5kdc[21145]: preauth (timestamp) verify failure:
No matching key in entry Sep 28 12:27:15 sisko krb5kdc[21145]: AS_REQ (3
etypes {16 1 3}) 192.168.2.251(88): PREAUTH_FAILED: tmh at NODOMAIN.ORG for
krbtgt/NODOMAIN.ORG at NODOMAIN.ORG, Preauthentication failed
Is there a way of increasing the verbosity of the logging, for example to
print out both timestamps, or a more meaningful error?
Tony
More information about the Kerberos
mailing list