krenew: error renewing credentials: KDC returned error string: NO PREAUTH

marcus.nilsson@pulsen.se marcus.nilsson at pulsen.se
Sat Aug 1 09:39:32 EDT 2009


-----Greg Hudson <ghudson at MIT.EDU> wrote: -----

>Is the requires-preauth bit set on your krbtgt/MERA.NU principal?

kadmin:  getprinc krbtgt/MERA.NU
Principal: krbtgt/MERA.NU at MERA.NU
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Mon Feb 09 15:24:45 CET 2009 (db_creation at MERA.NU)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 5
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 1, ArcFour with HMAC/md5, no salt
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, DES cbc mode with RSA-MD5, no salt
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: [none]


>Also, although I don't think this is at all relevant, krenew comes
>from
>a different source package from MIT Kerberos, so you might test with
>"kinit -R" just to remove that variable.

mani at irit:~$ kinit -R
kinit: KDC returned error string: NO PREAUTH while renewing credentials


/ Marcus





More information about the Kerberos mailing list