kadmin problem
Marcus Watts
mdw at umich.edu
Sat Feb 17 03:49:14 EST 2007
scotty adams <scotty.adams at yahoo.com> writes:
> Hi Marcus,
>
> it seems that i can't even kinit over scotty
>
> bash-2.05# kinit scotty
> Password for scotty at SCOTTIE.COMPANY.COM:
> kinit: Preauthentication failed while getting initial credentials
>
> same error as that of kadmin
>
> How can i turn off REQUIRES_PRE_AUTH on the principal?
>
> Thanks,
> Scotty
Good. Now you have a much simpler problem to solve.
Since you don't yet have kadmin working, you'll need
to use kadmin.local. When run (as root) on the kdc
(with the right configuration) it will access the database
directly and does not need any credentials. So,
(on the kdc):
kadmin.local
-- to set the bit,
modprinc +requires_preauth <kerberos_principal>
-- to clear the bit,
modprinc -requires_preauth <kerberos_principal>
-- to see the bit
getprinc <kerberos_principal>
-- to see what else you can set
modprinc
-- to see what else you can do
lr
You should also have a large pile of kerberos 5 documentation
that explains this and much much more. If you haven't got
this, you really should dig it up. If you have got it, but
it doesn't explain things like this adequately, you should let
your vendor know where and how the documentation can be improved.
-Marcus Watts
More information about the Kerberos
mailing list