kinit des and Win2k
Andrew Innes
andrewi at gnu.org
Tue Jun 1 04:38:51 EDT 2004
On 25 May 2004 06:08:46 -0700, wyl_lyf at yahoo.com (melissa_benkyo) said:
[Use DES enabled for principal]
>>But what is in the krb5.conf? Have you set default_tkt_enctypes and
>>default_tgs_enctypes?
>
>yup my default_xxx_enctypes are as follows
>
> default_tkt_enctypes = des-cbc-md5 des-cbc-crc
> default_tgs_enctypes = des-cbc-md5 des-cbc-crc
>
>>You mean the kinit fails with some pre authentication message?
>>What is the message?
>
>the message I'm getting is from windows AD because it requires
>authentication. But I think by setting the Use DES it should be able
>to pre-authenticate. I'm insisting on doing pre-authentication since
>this is actually an added security measure. :D
>
>My error message is as follows:
>Pre-authentication failed:
> UserName: mango
> UserID: TESTING\mango
> ServiceName: krbtgt/TESTING.COM
> Pre-Authentication Type: 0x0
> Failure Code : 0x19
> Client Address : <ip>
If you have just enabled DES for an AD user principal, you then need to
change their password so that a DES version gets stored. Until then,
there is only an RC4 version of the password available.
Cheers,
AndrewI
More information about the Kerberos
mailing list