Password incorrect while getting initial credentials
Kevin Coffman
kwc at citi.umich.edu
Mon Feb 18 09:01:36 EST 2008
On Feb 17, 2008 10:10 PM, <trimkins at sbcglobal.net> wrote:
> Hello,
>
> I am receiving a "kint(v5): Password incorrect while getting initial
> credentials" error after entering a password in response to a prompt
> following a kinit command (kinit user/my.domain at MY.REALM). I know
> that I am entering the correct password. The database seems to be
> fine; I can get a ticket as root through:
> kinit -k -t /etc/krb5.keytab user/my.domain at MY.REALM
>
> I am wondering if this could have anything to do with a
> preauthentication requirement. My KDC.conf has a default principal
> flag of +preauth.
>
> Does this flag require any preliminary steps to authenticate before
> (or during) kinit?
>
> May there be anything else that I am missing?
>
> Thanks a lot.
>
If 'user/my.domain at MY.REALM' is the same in both cases, the reason you
can't authenticate with a password is because you created the keytab.
The act of creating a keytab causes a new random key to be generated
and placed in the Kerberos database and into the keytab. There is no
password associated with that key and you will only be able to
authenticate as that principal using the keytab.
If you want to authenticate with a password, do a "cpw" in kadmin for
the principal (and do not do a "ktadd").
More information about the Kerberos
mailing list