keytab wrecks login

Ron Peterson rpeterso at mtholyoke.edu
Mon Jul 10 21:56:14 EDT 2006


Debian Sarge
MIT Kerberos packages (1.3.6)

I am clearly not understanding something about how kerberos operates.
If I add a principal to a keytab, I can no longer log in with a
password?

...password is working here...
1045# kadmin -p network/admin
Authenticating as principal network/admin with password.
Password for network/admin at MTHOLYOKE.EDU:

...add user to keytab...
kadmin:  ktadd -k /var/tmp/test.keytab network/admin
Entry for principal network/admin with kvno 10, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/var/tmp/test.keytab.
Entry for principal network/admin with kvno 10, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/var/tmp/test.keytab.
kadmin:  quit

...authenticate using password is now broken!...                 <=============== why???
1047# kadmin -p network/admin
Authenticating as principal network/admin with password.
Password for network/admin at MTHOLYOKE.EDU:
kadmin: Incorrect password while initializing kadmin interface

...authenticate using keytab works...
1046# kadmin -p network/admin at MTHOLYOKE.EDU -t /var/tmp/test.keytab -k /var/tmp/test.keytab
Authenticating as principal network/admin at MTHOLYOKE.EDU with keytab /var/tmp/test.keytab.
kadmin:  quit

Any help would be appreciated.  TIA.

--
Ron Peterson
Network & Systems Manager
Mount Holyoke College
http://www.mtholyoke.edu/~rpeterso



More information about the Kerberos mailing list