RE: kfw-2.1, Win98 and Linux KDC

Fri, 19 Apr 2002 07:01:10 -0700 

I assume the timezones for both the KDC and Win98 client are correct?

- Danilo

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Turbo Fredriksson
Sent: Friday, April 19, 2002 2:10 AM
To: [EMAIL PROTECTED]
Subject: kfw-2.1, Win98 and Linux KDC

I'm trying to get a ticket on (one of) my homemachine(s), running Win98.
I have unpacked the 'kfw-2.1-bin.zip' in '\temp\'. CD'ing to the
'\temp\kfw-2.1\bin\i386\rel' directory and executing 'kinit.exec -5'
will
prompt me for my password for '[EMAIL PROTECTED]' as it should (no errors
there). But it can't get a ticket, this is what it tells me:

        KINIT.EXE(v5): Preauthentication failed while getting initial
credentials

The clock on the win machine is set manually by watching 'date' on the
KDC.
It should only diff <= 1 sec...

The win machine is behind a Linux firewall (iptables), and the KDC is on
the 'Net. Getting tickets from my Linux machine at home (behind same fw)
works like a charm...

I get this in my KDC logs:
----- s n i p -----
==> /var/log/kerberos/krb5kdc.log <==
Apr 19 08:00:26 papadoc krb5kdc[7826](info): preauth (timestamp) verify
failure: No matching key in entry
Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
213.67.237.35(88): PREAUTH_FAILED: [EMAIL PROTECTED] for
[EMAIL PROTECTED], Preauthentication failed
Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
213.67.237.35(88): NEEDED_PREAUTH: [EMAIL PROTECTED] for
[EMAIL PROTECTED], Additional pre-authentication required
Apr 19 08:00:26 papadoc krb5kdc[7826](info): preauth (timestamp) verify
failure: No matching key in entry
Apr 19 08:00:26 papadoc krb5kdc[7826](info): AS_REQ (3 etypes {16 1 3})
213.67.237.35(88): PREAUTH_FAILED: [EMAIL PROTECTED] for
[EMAIL PROTECTED], Preauthentication failed
----- s n i p -----

What exactly does 'preauth (timestamp) verify failure: No matching key
in entry'
mean!?
-- 
iodine cracking BATF Rule Psix arrangements NSA SEAL Team 6 Saddam
Hussein FBI Panama congress Ortega Ft. Bragg Iran spy
[See http://www.aclu.org/echelonwatch/index.html for more about this]
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to