We're attempting to authenticate against a Windows 2000 Active Directory using a Solaris 8 with Kerberos 5-1.2.5 client. However, I cannot seem to get the authentication working. Since we're attempting to base other software on the Kerberos authentication, I would greatly appreciate any assistance.
I'm including a copy of the procedures I followed below, Tony I exported the UNIX Server's ticket on the Active Directory server with: ***** BEGIN ***** C:\Temp>ktpass -princ [EMAIL PROTECTED] -pass mypassword -out test.keytab Key created. Output keytab to test.keytab: Keytab version: 0x502 keysize 70 [EMAIL PROTECTED] ptype 1 (KRB5_NT_PRINCIPAL) vno 1 etype 0x1 (DES-CBC-CRC) keylength 8 (0xeac72f15ead37c4f) ***** END ***** Once exported, I then transferred the file to the UNIX Server through scp. I then did: ***** BEGIN ***** # mv /export/home/abrock/test.keytab /etc/krb5.keytab # chmod 600 /etc/krb5.keytab # chown root:sys /etc/krb5.keytab # klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------------ -- 1 [EMAIL PROTECTED] (DES cbc mode with CRC-32) # exit abrock@web ~ 519 $ kinit Password for [EMAIL PROTECTED]: abrock@web ~ 520 $ klist Ticket cache: FILE:/tmp/krb5cc_100 Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 09/18/02 09:52:29 09/18/02 19:52:29 [EMAIL PROTECTED] abrock@web ~ 521 $ telnet -xF web.georgefox.edu Trying 209.170.224.7... Connected to web.georgefox.edu (209.170.224.7). Escape character is '^]'. Waiting for encryption to be negotiated... [ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: Decrypt integrity check failed ] [ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: Decrypt integrity check failed ] [ Kerberos V5 refuses authentication because telnetd: krb5_rd_req failed: Decrypt integrity check failed ] Authentication negotation has failed, which is required for encryption. Good bye. abrock@web ~ 522 $ klist Ticket cache: FILE:/tmp/krb5cc_100 Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 09/18/02 09:52:29 09/18/02 19:52:29 [EMAIL PROTECTED] 09/18/02 09:52:36 09/18/02 19:52:29 [EMAIL PROTECTED] abrock@web ~ 523 $ ***** END ***** Anthony Brock Director of Network Services George Fox University E-Mail: [EMAIL PROTECTED] Phone: (503) 554-2579 FAX: (503) 554-3834 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
