Problem with auth via keytab w/ w2k3 KDC, works fine with w2k DC

Neulinger, Nathan nneul at umr.edu
Fri Oct 22 09:23:12 EDT 2004


Yes, we did resolve it. I've attached the perl code I use to create
princs... It's not going to be usable by itself, but you should be able
to pick out what you need. Had to do with the attributes that were being
set and names/etc. 

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul at umr.edu
University of Missouri - Rolla         Phone: (573) 341-6679
UMR Information Technology             Fax: (573) 341-4216
 

> -----Original Message-----
> From: kerberos-bounces at mit.edu 
> [mailto:kerberos-bounces at mit.edu] On Behalf Of Gmane
> Sent: Thursday, October 21, 2004 7:13 PM
> To: kerberos at mit.edu
> Subject: Re: Problem with auth via keytab w/ w2k3 KDC, works 
> fine with w2k DC
> 
> Nathan,
> 
> I see now a similar problem. I am running for some time MIT 
> 1.2.4 with a 
> 2000 kdc. I now have to update to 2003 and noticed that I get decrypt 
> integrety errors when using telnet. Everything else is the 
> same (I use 
> DESONLY, etc, ) Did you solve your issue ? How did you solve it ?
> 
> Thanks
> Markus
> 
> 
> "Neulinger, Nathan" <nneul at umr.edu> wrote in message 
> news:5C51DC2B8353AB4BA2CD04B34F2EE79C3EFE5C at umr-umail1.umr.edu...
> >> >    ktutil, create keytab with that password, des-cbc-crc, kvno 1
> >> >    ktutil, create keytab with that password, des-cbc-crc, kvno 3
> >>
> >> This might be the problem. Can you create the the keytab with
> >> des-cbc-md5,
> >> as the W2003 may be only accepting des-cbc-md5 as the e-type,
> >> and when used with
> >> kinit, kinit may be trying to what it found in the keytab,
> >> des-cbc-crc, and w2003
> >> will only accept des-cbc-md5.
> >
> > No go... Still get preauthentication failed. Also tried changing the
> > enctypes options in krb5.conf to only list md5 instead of 
> crc and md5,
> > also no change. Password based auth still works fine.
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> > 
> 
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ADSObject.pm
Type: application/octet-stream
Size: 42514 bytes
Desc: ADSObject.pm
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20041022/91743c08/attachment.obj


More information about the Kerberos mailing list