Error configuring Kerberos and OpenDS
Mantas M.
grawity at gmail.com
Wed Feb 22 14:44:03 EST 2012
On Wed, Feb 22, 2012 at 08:41:15PM +0100, Tiago Elvas wrote:
> Thanks for the tip.
>
> I know have the following error:
>
> Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23
> 16 17}) 172.23.14.210: NEEDED_PREAUTH: kerberos-test at MYDOMAIN.COM for
> krbtgt/MYDOMAIN.COM at MYDOMAIN.COM, Additional pre-authentication required
> Feb 22 20:39:37 ldapserver krb5kdc[10211](info): preauth (timestamp) verify
> failure: Decrypt integrity check failed
> Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23
> 16 17}) 172.23.14.210: PREAUTH_FAILED: kerberos-test at MYDOMAIN.COM for
> krbtgt/MYDOMAIN.COM at MYDOMAIN.COM, Decrypt integrity check failed
>
> Any clue on what's failing?
"Decrypt integrity check failed" almost always means "the password given to `kinit` was incorrect".
> Another question, how should I configure openDS access control to accept
> GSSAPI with kerberos tickets?
I believe this is already documented at <https://www.opends.org/wiki/page/GSSAPIConfiguration>.
--
Mantas M.
More information about the Kerberos
mailing list