kpasswd: Failed decrypting request
Jeffrey Altman
jaltman2 at nyc.rr.com
Fri Aug 18 02:35:08 EDT 2006
petesea at bigfoot.com wrote:
> Using krb5-1.4.3 on a Redhat system and I get the following error from
> kpasswd:
>
> Failed decrypting request
>
> The admin server is accessed via VPN/NAT and from the sparse info I could
> find, I suspect that's the issue. DNS does show that my VPN IP matches
> the hostname.
>
> Questions...
>
> Is that the cause of the error?
>
> Are there plans to fix this?
>
> If there are no plans to fix it (or it can't be fixed)... is there any
> possibility the error message could be a bit more descriptive?
>
> I'm trying to deploy kerberos to a large number of users, many will be
> accessing our systems via the VPN and I'm sure this will be an issue.
You cannot use the MIT kpasswd through a NAT. The IP address of the
client as seen by the server must match the one the client sees.
When the IETF completes the new set/change password protocol I'm sure
that MIT will consider implementing it.
Jeffrey Altman
More information about the Kerberos
mailing list