I've put a kerberos principle into a keytab:

# klist -k asterisk.keytab
Keytab name: FILE:asterisk.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   8 aster...@example.com


# ipa-getkeytab -s server.example.com -p asterisk -k /tmp/asterisk-krb5.keytab 
-e aes256-cts

But when I try to use that keytab I get an error:

# kinit -k -t /etc/asterisk/asterisk.keytab imap/linux.example....@example.com
kinit: Generic preauthentication failure while getting initial credentials

On the server I get the following error:

Sep 23 19:30:39 server.example.com krb5kdc[28970](info): AS_REQ (7 etypes {18 
17 16 23 1 3 2}) xxxxxx: NEEDED_PREAUTH: imap/linux.example....@example.com for 
krbtgt/example....@example.com, Additional pre-authentication required

Any idea what is going on here?


Attachment: signature.asc
Description: This is a digitally signed message part

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to