Enabling preauthentication on linux kdc

sgouris@gmail.com sgouris at gmail.com
Wed Nov 14 07:15:19 EST 2007


Hi,

I have a question regarding enabling kerberos pre-authentication on
linux kdc (kerberos servers). Can somebody please help ? I am not able
to enable this preauthentication on linux kdc.

windows kdc works with preauthencation enabled, such that even if a
kerberos request comes from linux machine the kdc returns KRB-ERROR.
the linux kerberos client then comes back with the required PA-ENC-
TIMESTAMP and is authenticated by KDC. I would like to configure linux
kdc for the same behaviour.

for this on the linux kerberos kdc machine.
I edited /var/kerberos/krb5kdc/kdc.conf
and put this lines

[realms]
NEVISTEST.COM = {
require-preauth = yes
default_principal_flags = +preauth
....

and restarted krb5kdc service
but this doesn't seem to effect the kerberos behaviour in any way and
I am stuck.

please help me with any suggestion/pointers.

Regards
S.Gourisankar




More information about the Kerberos mailing list