On Wed, 02 Mar 2016, Prashant Bapat wrote:
Thanks. But my problem is not OTP per se but Kerberos thru Java.
Specifically i'm getting below error.

javax.security.auth.login.LoginException: Pre-authentication information
was invalid (24) - PREAUTH_FAILED
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
Caused by: sun.security.krb5.KrbException: Pre-authentication information
was invalid (24) - PREAUTH_FAILED
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:82)
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match
expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)

Any pointers ?
Read the page, please. It has all the details what you need to implement
-- most importantly, you need to implement FAST channel support.


On 1 March 2016 at 21:01, Alexander Bokovoy <aboko...@redhat.com> wrote:

On Tue, 01 Mar 2016, Prashant Bapat wrote:

Hi,

I'm trying to use Shibboleth IdP with FreeIPA and Kerberos Authentication.
I'm aware of Ipsilon, just that Shibboleth is more suited for my use case.

I've installed ipa-client on a server and connected it to ipa. Shibboleth
is installed on this server and I'm able to get the Kerberos
authentication
working. Documented here
<
https://wiki.shibboleth.net/confluence/display/IDP30/KerberosAuthnConfiguration
>
.

However if I bring OTP into picture, authentication fails. Error message
is
like "Pre-authentication information was invalid (24) - PREAUTH_FAILED".

Any pointers on how to make OTP work?

http://www.freeipa.org/page/V4/OTP
http://www.freeipa.org/page/V4/OTP/Detail

--
/ Alexander Bokovoy


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to