Help needed: AD and Linux 'DES key has bad parity'
youpski
youpski at hotmail.com
Tue Nov 25 09:40:46 EST 2003
I'm setting up a linux machine to single sign on authenticating
against a Windows 2000 DC. AFAICS all is set up correctly:
- Kerberos V5 is installed
- Realm is set in /etc/krb5.conf
- Keytabs are created (DES_CBC_CRC) using ktpass
- UPN is set
- Keytabs are loaded into /etc/krb5.keytab using ktutil
First I use 'kinit' on the linux machine to obtain a tgt, this works.
I receive a tgt. Next I use kerberised telnet to connect to the host:
"telnet -a hostname" ... when I do this I receive the following error:
[..]
Kerberos V5 refuses authentication because telnetd:
krb5_rd_req failed: DES key has bad parity
[..]
the error on the W2k-DC controller is:
[..]
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 11/25/2003
Time: 3:11:58 PM
User: NT AUTHORITY\SYSTEM
Computer: DC1
Description:
Service Ticket Request Failed:
User Name:
User Domain:
Service Name: host/linux01.company.com
Ticket Options: 0x40800000
Failure Code: 0xF
Client Address: 10.11.12.1
[..]
The strange thing is that i do still get a host ticket. But single
sign on does not function. My problem is that there is lots of info on
kerberos errors ... except this one :-((( .... If anyone has any
clue what this error can mean please reply...I'm getting a little bit
frustrated (especialy because it used to work, but now it doesn't
anymore)
thnx Y
More information about the Kerberos
mailing list