kadmin problem
Marcus Watts
mdw at umich.edu
Tue Feb 20 13:09:42 EST 2007
Scotty & Dan wrote:
...
> > Hi marcus,
> >
> > My getprinc for HTTP/scotty.SCOTTIE.COMPANY.COM at SCOTTIE.COMPANY.COM
> >
> > kadmin.local: getprinc HTTP/scotty.SCOTTIE.COMPANY.COM at SCOTTY.COMPANY.COM
> > Principal: HTTP/scotty.SCOTTIE.COMPANY.COM at SCOTTIE.COMPANY.COM
> > Expiration date: [never]
> > Last password change: Sun Feb 18 10:00:03 GMT 2007
> > Password expiration date: [none]
> > Maximum ticket life: 24855 days 03:14:07
> > Maximum renewable life: 24855 days 03:14:07
> > Last modified: Sun Feb 18 10:00:03 GMT 2007 (HTTP/admin at BEIRUT.NAVLINK.COM)
> > Last successful authentication: [never]
> > Last failed authentication: [never]
> > Failed password attempts: 0
> > Number of keys: 1
> > Key: vno 6, DES cbc mode with CRC-32, no salt
> > Attributes:
> > Policy: [none]
> >
> > So can you please tell me where to find whether preauth has been turned off?
>
> Your principal does NOT show "Attributes: REQUIRES_PRE_AUTH", so the
> preauth bit is not turned on.
>
Yup. On the other hand, it shows 2 realms: SCOTTY.COMPANY.COM
and BEIRUT.NAVLINK.COM . If this isn't intentional, you
may want to make this not be true. Once you've resolved that,
if that doesn't fix the "preauth failed" problem you should proceed
as I described previously. Also, your principal name has mixed
case in it. That won't cause problems directly, but I don't
know if you have something that depends on being able to create
such names. So beware: for much of kerberos, uc != lc.
-Marcus Watts
More information about the Kerberos
mailing list