Bizarre problem with authenticating a service principal with AD

Jeffrey Altman jaltman at secure-endpoints.com
Mon Mar 12 00:01:39 EDT 2007


Jason Testart wrote:
>
>
> Jeffrey Altman wrote:
>> Jason Testart wrote:
>>> I'm trying to get pam_krb5 working with an Active Directory domain. 
>>> It works when I don't have a krb5.keytab file but it doesn't when I
>>> do, since the verification of the TGT using the service principal
>>> fails with an error: "Key table entry not found".  The keytab file
>>> is simple as it only contains the "host" service principal for the
>>> Ubuntu Linux box that I am testing with.
>> What enctype is the service ticket being encrypted with?
>
> I used the default.  "ktpass /?" says that's RC4-HMAC-NT.
ktpass exports a key of the enctype you request.  That is not
necessarily the enctype used to encrypt the service ticket that is issued.
What is the enctype of the service ticket received by your service?

Jeffrey Altman
Secure Endpoints Inc.
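
Added example, not part of the original thread or of any poster's code: a keytab lookup is keyed on principal, key version number and enctype, so a keytab holding only an RC4 key cannot satisfy a ticket issued under another enctype or kvno. The sketch below parses the MIT keytab file format (version 0x0502) and reports which of those does not line up. The principal, realm, kvno and the ticket enctypes tried in the test are constructed placeholders; the thread does not state which enctype the ticket actually used.

```python
import struct

ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}  # IANA enctype numbers

def _counted(buf, off):
    """Read a 16-bit length-prefixed octet string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, off)
        off += 4
        if size <= 0:               # negative length marks a deleted slot
            off -= size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", buf, off)
        realm, p = _counted(buf, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(buf, p)
            comps.append(comp.decode())
        kvno = buf[p + 8]           # skip name type (4) and timestamp (4)
        (etype,) = struct.unpack_from(">H", buf, p + 9)
        _key, p = _counted(buf, p + 11)
        if end - p >= 4:            # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        off = end
    return entries

def diagnose(entries, principal, kvno, etype):
    """Say whether the keytab holds the key a ticket (kvno, enctype) needs."""
    mine = [(k, e) for name, k, e in entries if name == principal]
    if (kvno, etype) in mine:
        return "match"
    have = ", ".join(f"kvno {k} {ETYPES.get(e, e)}" for k, e in mine) or "none"
    return f"no key for kvno {kvno} {ETYPES.get(etype, etype)}; keytab has: {have}"

# Constructed keytab: one RC4 (enctype 23) key, kvno 3, placeholder principal.
SAMPLE = (b"\x05\x02" b"\x00\x00\x00\x46" b"\x00\x02" b"\x00\x0bEXAMPLE.COM"
          b"\x00\x04host" b"\x00\x12ubuntu.example.com" b"\x00\x00\x00\x01"
          b"\x00\x00\x00\x00" b"\x03" b"\x00\x17" b"\x00\x10" + bytes(16))
```

On a real host, pass the bytes of the keytab file to `parse_keytab` and take the ticket's kvno and enctype from the client's ticket listing.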
