retitle 717660 kadmind: extracted keytab invalid
reassign 717660 heimdal-kdc
found 717660 1.6~git20120403+dfsg1-2
thanks
Hi,
I can confirm this bug as well and I've done some further experiments.
It seems that there is a problem with the kadmind in wheezy.
I'm running wheezy on both the KDC and the server. When I extract a new
keytab, I can't log in with ssh anymore. Running sshd in debug mode
(with -d), I get a GSS failure: "Wrong principal in request". However,
if I extract the keytab on the KDC with "kadmin -l" and copy it to the
server (as suggested in this bug report), then it works.
It does not seem to be an MIT/Heimdal incompatibility either. With the
extracted keytab, I get:
# kinit -k host/pxe.dsv.su.se
kinit: Password incorrect
while it works with keytab copied from the KDC.
Note that I get the same problem when running kadmin from squeeze
against the kadmind from wheezy. Therefore, I suspect that the bug is in
the kadmind in wheezy.
I also noted that the keytab extracted from kadmind is 191 bytes while
the keytab extracted using "kadmin -l" is 251 bytes. Perhaps it is
truncated somewhere?
--
Pelle
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
