Help needed: AD and Linux 'DES key has bad parity'

youpski youpski at hotmail.com
Fri Nov 28 04:01:19 EST 2003


looks like the problem was caused by a bad version of KTPASS:
a post w2k3 version from MS that is obviously not rtm
the w2k3 version works properly, but this version can't
work properly with w2k and delegated permissions
so, back to the testing....

youpski at hotmail.com (youpski) wrote in message news:<1abc7f17.0311250640.5be9f4d1 at posting.google.com>...
> I'm setting up a linux machine to single sign on authenticating
> against a Windows 2000 DC. AFAICS all is set up correctly:
> - Kerberos V5 is installed
> - Realm is set in /etc/krb5.conf
> - Keytabs are created (DES_CBC_CRC) using ktpass
> - UPN is set
> - Keytabs are loaded into /etc/krb5.keytab using ktutil
> 
> First I use 'kinit' on the linux machine to obtain a tgt, this works.
> I receive a tgt. Next I use kerberised telnet to connect to the host:
> "telnet -a hostname" ... when I do this I receive the following error:
> 
> [..]
> Kerberos V5 refuses authentication because telnetd:
> krb5_rd_req failed: DES key has bad parity
> [..]
> 
> the error on the W2k-DC controller is:
> [..]
> Event Type:	Failure Audit
> Event Source:	Security
> Event Category:	Account Logon 
> Event ID:	677
> Date:		11/25/2003
> Time:		3:11:58 PM
> User:		NT AUTHORITY\SYSTEM
> Computer:	DC1
> Description:
> Service Ticket Request Failed:
>  	User Name:	
>  	User Domain:	
>  	Service Name:	host/linux01.company.com
>  	Ticket Options:	0x40800000
>  	Failure Code:	0xF
>  	Client Address:	10.11.12.1
> [..] 
> 
> The strange thing is that I do still get a host ticket. But single
> sign on does not function. My problem is that there is lots of info on
> kerberos errors ... except this one  :-(((   ....  If anyone has any
> clue what this error can mean please reply...I'm getting a little bit
> frustrated (especially because it used to work, but now it doesn't
> anymore)
> 
> thnx Y
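
Added example, not part of the original post: one way to check whether the single-DES keys that ktpass wrote into a keytab have the odd byte parity DES requires, which is the condition behind "DES key has bad parity". It assumes MIT keytab format version 0x0502; the realm COMPANY.COM, both key values and the helper names are constructed for illustration.

```python
import struct

# RFC 3961 single-DES enctype numbers
DES_ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}

def has_odd_parity(key: bytes) -> bool:
    """DES requires every key byte to carry an odd number of set bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def read_counted(buf: bytes, pos: int):  # 16-bit big-endian length, then data
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def check_keytab(data: bytes):
    """Return (principal, enctype, parity_ok) for each DES key in the keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("expected keytab format version 0x0502")
    results, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # negative length = deleted entry (hole)
            pos += abs(size)
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = read_counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = read_counted(data, p)
            comps.append(comp.decode())
        p += 4 + 4 + 1                    # skip name type, timestamp, 8-bit kvno
        (etype,) = struct.unpack_from(">H", data, p)
        key, _ = read_counted(data, p + 2)
        if etype in DES_ENCTYPES:
            name = "/".join(comps) + "@" + realm.decode()
            results.append((name, DES_ENCTYPES[etype], has_odd_parity(key)))
        pos += size
    return results

def build_entry(comps, realm, etype, key):  # constructs one sample entry
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, 1, etype) + cs(key)
    return struct.pack(">i", len(body)) + body

# Constructed sample keytab: one well-formed DES key, one with a bad first byte.
GOOD, BAD = bytes.fromhex("0123456789abcdef"), bytes.fromhex("0023456789abcdef")
HOST, REALM = [b"host", b"linux01.company.com"], b"COMPANY.COM"
SAMPLE = b"\x05\x02" + build_entry(HOST, REALM, 1, GOOD) + build_entry(HOST, REALM, 3, BAD)
```

Running `check_keytab` over the bytes of the real keytab file shows which principal and enctype carries the malformed key, so that entry can be regenerated.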

