[krbdev.mit.edu #8450] KDC has no support for padata type while using t_s4u from git
Bar Hofesh via RT
rt-comment at krbdev.mit.edu
Tue Jul 5 13:00:22 EDT 2016
<html style="direction: ltr;">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<style type="text/css">body p { margin-bottom: 0cm; margin-top: 0pt; } </style>
</head>
<body style="direction: ltr;" bidimailui-charset-is-forced="true"
bgcolor="#FFFFFF" text="#000000">
<font face="Tahoma"><u>Doamin:</u> SA-DEV.LOCAL<br>
<u>Proxy:</u> support.sa-dev.local (has a keytab, user account,
trusted to delegate all services, also domain admin)<br>
<u>user to proxy:</u> <a class="moz-txt-link-abbreviated" href="mailto:noob at sa-dev.local">noob at sa-dev.local</a> (domain user)<br>
<u>target site:</u> sp2013.sa-dev.local<br>
<u>AD:</u> windows server 2008R2<br>
<br>
<br>
<u><b>Key-tab:</b></u><br>
<br>
klist -ket /etc/krb5.keytab <br>
Keytab name: <a class="moz-txt-link-freetext" href="FILE:/etc/krb5.keytab">FILE:/etc/krb5.keytab</a><br>
KVNO Timestamp          Principal<br>
---- -------------------
------------------------------------------------------<br>
  4 01/01/1970 02:00:00 <a class="moz-txt-link-abbreviated" href="mailto:host/support.sa-dev.local at SA-DEV.LOCAL">host/support.sa-dev.local at SA-DEV.LOCAL</a>
(arcfour-hmac) <br>
<br>
<u><b>Getting a ticket:</b></u><br>
<br>
kinit -k -p -f <a class="moz-txt-link-abbreviated" href="mailto:host/support.sa-dev.local at SA-DEV.LOCAL">host/support.sa-dev.local at SA-DEV.LOCAL</a><br>
<br>
<u><b>Listing:</b></u><br>
<br>
klist <br>
Ticket cache: <a class="moz-txt-link-freetext" href="FILE:/tmp/krb5cc_0">FILE:/tmp/krb5cc_0</a><br>
Default principal: <a class="moz-txt-link-abbreviated" href="mailto:host/support.sa-dev.local at SA-DEV.LOCAL">host/support.sa-dev.local at SA-DEV.LOCAL</a><br>
<br>
Valid starting      Expires             Service principal<br>
07/04/2016 10:56:00Â 07/04/2016 20:56:00Â
<a class="moz-txt-link-abbreviated" href="mailto:krbtgt/SA-DEV.LOCAL at SA-DEV.LOCAL">krbtgt/SA-DEV.LOCAL at SA-DEV.LOCAL</a><br>
   renew until 07/05/2016 10:56:00<br>
<br>
<u><b>Trying to Proxy:</b></u><br>
<br>
./t_s4u <a class="moz-txt-link-abbreviated" href="mailto:p:noob at SA-DEV.LOCAL">p:noob at SA-DEV.LOCAL</a> <a class="moz-txt-link-abbreviated" href="mailto:h:sp2013 at SA-DEV.LOCAL">h:sp2013 at SA-DEV.LOCAL</a> /etc/krb5.keytab<br>
Protocol transition tests follow<br>
-----------------------------------<br>
<br>
gss_acquire_cred_impersonate_name: Unspecified GSS failure. Minor
code may provide more information<br>
gss_acquire_cred_impersonate_name: KDC has no support for padata
type<br>
<br>
<br>
</font><br>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<style type="text/css">body p { margin-bottom: 0cm; margin-top: 0pt; } </style>
<title></title>
<div bidimailui-direction-uniformity="ltr">
<div bidimailui-direction-uniformity="ltr" dir="ltr">
<div bidimailui-direction-uniformity="ltr"
style="text-align:left"><b><span
style="font-size:13.0pt;font-family:"Candara","sans-serif";color:#404040"><img
alt="Safe-T.com"
src="cid:part1.DEC4B092.7F42ABF1 at safe-t.com"
height="40" width="122"><br>
Bar Hofesh</span></b><span
style="font-family:"Candara","sans-serif";color:#404040"><br>
</span><span style="background-color:rgb(255,255,255)"><span>Information
Security Architect</span></span><span
style="font-family:"Candara","sans-serif";color:#404040"><br>
Support: (IL)1700700139, 927-9-8666110(ext 231)<br>
</span><span
style="font-family:"Candara","sans-serif";color:#404040">Haatzmaut
40 St, first floor.</span><span
style="font-family:"Candara","sans-serif";color:#404040"><br>
Beer-Sheva </span><span
style="font-family:"Candara","sans-serif";color:#404040">
84150, Israel</span><span
style="font-family:"Candara","sans-serif";color:#404040"><br>
<a class="moz-txt-link-abbreviated" href="http://www.Safe-T.com">www.Safe-T.com</a></span></div>
</div>
<br>
</div>
</div>
</body>
</html>
More information about the krb5-bugs
mailing list