Problem with auth via keytab w/ w2k3 KDC, works fine with w2k DC
Gmane
huaraz at moeller.plus.com
Thu Oct 21 20:13:14 EDT 2004
Nathan,
I see now a similar problem. I am running for some time MIT 1.2.4 with a
2000 kdc. I now have to update to 2003 and noticed that I get decrypt
integrety errors when using telnet. Everything else is the same (I use
DESONLY, etc, ) Did you solve your issue ? How did you solve it ?
Thanks
Markus
"Neulinger, Nathan" <nneul at umr.edu> wrote in message
news:5C51DC2B8353AB4BA2CD04B34F2EE79C3EFE5C at umr-umail1.umr.edu...
>> > ktutil, create keytab with that password, des-cbc-crc, kvno 1
>> > ktutil, create keytab with that password, des-cbc-crc, kvno 3
>>
>> This might be the problem. Can you create the the keytab with
>> des-cbc-md5,
>> as the W2003 may be only accepting des-cbc-md5 as the e-type,
>> and when used with
>> kinit, kinit may be trying to what it found in the keytab,
>> des-cbc-crc, and w2003
>> will only accept des-cbc-md5.
>
> No go... Still get preauthentication failed. Also tried changing the
> enctypes options in krb5.conf to only list md5 instead of crc and md5,
> also no change. Password based auth still works fine.
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list