Hello,
I am setting up a KerberosV server for the first time. I am using Debian
and i've downloaded the source from the unstable. Here are the commands
i used to setup my KerberosV server.
First create a database:
kdb5_util create -r ACTIVE2.HOMELINUX.ORG -s
echo "*/[EMAIL PROTECTED] *" > /etc/krb5kdc/kadm5.acl
Then i create the principal root/[EMAIL PROTECTED] with the
kadmin.local binary.
Then i create the keytab for the kadmind service.
ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
Then starting the servers. And all works perfectly.
Then i add all my hosts to the kerberos server:
addprinc -randkey host/tux.active2.homelinux.org
I have 5 hosts for learning KerberosV.
Then i made a policy for my users:
addpol -maxlife "1 year" -minlife "6 months" -minlength 4 -minclasses 1
-history 3 insecure
And then adding a user:
addprinc -policy insecure +requires_preauth +allow_forwardable
[EMAIL PROTECTED]
And if i get a client and i do so:
$ kinit
Password for [EMAIL PROTECTED]:
$
All is oke but after a couple of hours (mostly 3 a 4 hours)
$ kinit
Password for [EMAIL PROTECTED]:
kinit(v5): Password incorrect while getting initial credentials
$
hmm.. password incorrect.
i'm using that password for several accounts and now that password is
incorrect.. little confused
The log on the server:
Jun 22 10:33:04 Server krb5kdc[202](info): AS_REQ (3 etypes {3 16 1})
192.168.0.2: NEEDED_PREAUTH: [EMAIL PROTECTED] for
krbtgt/[EMAIL PROTECTED], Additional
pre-authentication required
Jun 22 10:33:07 Server krb5kdc[202](info): preauth (timestamp) verify
failure: Decrypt integrity check failed
Jun 22 10:33:07 Server krb5kdc[202](info): AS_REQ (3 etypes {3 16 1})
192.168.0.2: PREAUTH_FAILED: [EMAIL PROTECTED] for
krbtgt/[EMAIL PROTECTED], Decrypt integrity
check failed
Jun 22 10:33:07 Server krb5kdc[202](info): AS_REQ (3 etypes {3 16 1})
192.168.0.2: NEEDED_PREAUTH: [EMAIL PROTECTED] for
krbtgt/[EMAIL PROTECTED], Additional
pre-authentication required
Jun 22 10:33:07 Server krb5kdc[202](info): preauth (timestamp) verify
failure: Decrypt integrity check failed
Jun 22 10:33:07 Server krb5kdc[202](info): AS_REQ (3 etypes {3 16 1})
192.168.0.2: PREAUTH_FAILED: [EMAIL PROTECTED] for
krbtgt/[EMAIL PROTECTED], Decrypt integrity
check failed
Here i see my timestamp is not oke. But i have run:
ntpdate fistix.xs4all.nl
on all my machines.
This is almost the newest version on my server. On my clients i have the
same version.
Now i'm using the version: 1.2.99-1.3.beta3-4 (Debian version)
My server is going off every evening and comes up every morning. Because
the energy bill. My router is running every day and is running OpenBSD
3.3 that have the Heimdal implementation of kerberosV.
Maybe i do something wrong.
I'm now a little confused.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
