Problem with auth via keytab w/ w2k3 KDC, works fine with w2k DC
Neulinger, Nathan
nneul at umr.edu
Fri Oct 22 09:23:12 EDT 2004
Yes, we did resolve it. I've attached the perl code I use to create
princs... It's not going to be usable by itself, but you should be able
to pick out what you need. Had to do with the attributes that were being
set and names/etc.
------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-6679
UMR Information Technology Fax: (573) 341-4216
> -----Original Message-----
> From: kerberos-bounces at mit.edu
> [mailto:kerberos-bounces at mit.edu] On Behalf Of Gmane
> Sent: Thursday, October 21, 2004 7:13 PM
> To: kerberos at mit.edu
> Subject: Re: Problem with auth via keytab w/ w2k3 KDC, works
> fine with w2k DC
>
> Nathan,
>
> I see now a similar problem. I am running for some time MIT
> 1.2.4 with a
> 2000 kdc. I now have to update to 2003 and noticed that I get decrypt
> integrety errors when using telnet. Everything else is the
> same (I use
> DESONLY, etc, ) Did you solve your issue ? How did you solve it ?
>
> Thanks
> Markus
>
>
> "Neulinger, Nathan" <nneul at umr.edu> wrote in message
> news:5C51DC2B8353AB4BA2CD04B34F2EE79C3EFE5C at umr-umail1.umr.edu...
> >> > ktutil, create keytab with that password, des-cbc-crc, kvno 1
> >> > ktutil, create keytab with that password, des-cbc-crc, kvno 3
> >>
> >> This might be the problem. Can you create the the keytab with
> >> des-cbc-md5,
> >> as the W2003 may be only accepting des-cbc-md5 as the e-type,
> >> and when used with
> >> kinit, kinit may be trying to what it found in the keytab,
> >> des-cbc-crc, and w2003
> >> will only accept des-cbc-md5.
> >
> > No go... Still get preauthentication failed. Also tried changing the
> > enctypes options in krb5.conf to only list md5 instead of
> crc and md5,
> > also no change. Password based auth still works fine.
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ADSObject.pm
Type: application/octet-stream
Size: 42514 bytes
Desc: ADSObject.pm
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20041022/91743c08/attachment.obj
More information about the Kerberos
mailing list