Identified does not match issue

vssureka@gmail.com vssureka at gmail.com
Tue Nov 4 12:14:03 EST 2008


I have checked and double checked the issue with password and
everything looks right. The time is also synchronized.

Here is some more information that I found last night

If I run "kinit JBOSS <<password>>"  - it works fine and it gets the
Ticket without any errors

But when I use the keytab that I generate using ktab utility "ktab -k -
t FILE:c:\myfile.keytab -a JBOSS <<password>>" and then pass on this
file to kinit utility using
"kinit -k -t FILE:c:\myfile.ketyab JBOSS" I get the preauthenticatin
error. Seems like the Ktab is generating a keytab file that is meshing
up the password.

Given that the first command succeeds tells me that the use is setup
correctly on the AD side. (I further verified that by passing in a
wrong password in "kinit JBOSS <<password>>"   and as expected it
fails telling me that it does verifies the password as it is expected)

Any help would be highly appreciated

vs

On Nov 4, 5:20 am, anil.shashikumar.be... at gmail.com wrote:
> > C:\Program Files\Java\jdk1.5.0_16\bin>kinit -k -tc:\JBOSS.host.keytab
>
> > JBOSS
>
> > Exception: krb_error 24 Pre-authentication information was invalid
>
> This could be because the password/keytab or the principal name you  
> provided you have provided may not be incorrect .
>
> Also you could check if there is any large clock skew time difference on  
> your AD box and the client.




More information about the Kerberos mailing list