Help needed: AD and Linux 'DES key has bad parity'

youpski youpski at hotmail.com
Tue Nov 25 09:40:46 EST 2003


I'm setting up a linux machine to single sign on authenticating
against a Windows 2000 DC. AFAICS all is set up correctly:
- Kerberos V5 is installed
- Realm is set in /etc/krb5.conf
- Keytabs are created (DES_CBC_CRC) using ktpass
- UPN is set
- Keytabs are loaded into /etc/krb5.keytab using ktutil

First I use 'kinit' on the linux machine to obtain a tgt, this works.
I receive a tgt. Next I use kerberised telnet to connect to the host:
"telnet -a hostname" ... when I do this I receive the following error:

[..]
Kerberos V5 refuses authentication because telnetd:
krb5_rd_req failed: DES key has bad parity
[..]

the error on the W2k-DC controller is:
[..]
Event Type:	Failure Audit
Event Source:	Security
Event Category:	Account Logon 
Event ID:	677
Date:		11/25/2003
Time:		3:11:58 PM
User:		NT AUTHORITY\SYSTEM
Computer:	DC1
Description:
Service Ticket Request Failed:
 	User Name:	
 	User Domain:	
 	Service Name:	host/linux01.company.com
 	Ticket Options:	0x40800000
 	Failure Code:	0xF
 	Client Address:	10.11.12.1
[..] 

The strange thing is that i do still get a host ticket. But single
sign on does not function. My problem is that there is lots of info on
kerberos errors ... except this one  :-(((   ....  If anyone has any
clue what this error can mean please reply...I'm getting a little bit
frustrated (especialy because it used to work, but now it doesn't
anymore)

thnx Y


More information about the Kerberos mailing list