kadmin problem

scotty adams scotty.adams at yahoo.com
Tue Feb 20 03:31:32 EST 2007


Hi Marcus,

When i use 

<modprinc -requires_preauth>

Then try to kinit <user>
it prompts incorrect password
then i should change the password so that it works, but i guess upon changing the password
the princ is being modified again... thus i guess that the
-requires_preauth  isnt set anymore...
Can you please advise me how to make this work since kdc.log is still showing Preauthentication failed

Thanks,
Scotty




Marcus Watts <mdw at umich.edu> wrote: scotty adams  writes:
> Hi Marcus,
> 
> it seems that i can't even kinit over scotty
> 
> bash-2.05# kinit scotty
> Password for scotty at SCOTTIE.COMPANY.COM: 
> kinit: Preauthentication failed while getting initial credentials
> 
> same error as that of kadmin
> 
> How can i turn off REQUIRES_PRE_AUTH on the principal?
> 
> Thanks,
> Scotty

Good.  Now you have a much simpler problem to solve.

Since you don't yet have kadmin working, you'll need
to use kadmin.local.  When run (as root) on the kdc
(with the right configuration) it will access the database
directly and does not need any credentials.  So,

(on the kdc):
kadmin.local
   -- to set the bit,
modprinc +requires_preauth 
   -- to clear the bit,
modprinc -requires_preauth 
   -- to see the bit
getprinc 
   -- to see what else you can set
modprinc
   -- to see what else you can do
lr

You should also have a large pile of kerberos 5 documentation
that explains this and much much more.  If you haven't got
this, you really should dig it up.  If you have got it, but
it doesn't explain things like this adequately, you should let
your vendor know where and how the documentation can be improved.

     -Marcus Watts


 
---------------------------------
Want to start your own business? Learn how on Yahoo! Small Business.


More information about the Kerberos mailing list