I have figured out that the problem is that kadmin (in krb5-1.3.1 and
seemingly not 1.3) requests a ticket with etype des3-cbc-sha1 even though
the /etc/krb5.conf file had des-cbc-crc for default tgs and tkt types of
des-cbc-crc. On the server, the principal's password is des-cbc-crc.
When I change the key on the server of drwachd/admin to des3-cbc-sha1 and
Is there a reason why kadmin is doing this? The kdc logs indicate that
preauth is failing (timestamp). Is kadmin encrypting the timestamp with
des3-cbc-sha1? Should it use the e-type indicated by /etc/krb5.conf file?
Thanks
-dan
-----Original Message-----
From: Wachdorf, Daniel R
Sent: Tuesday, October 14, 2003 6:24 PM
To: Wachdorf, Daniel R
Cc: ''[EMAIL PROTECTED]' '
Subject: RE: kadmin problems
Actually,
All the entries for everything are dce.sandia.gov. I changed the name on
them before I posted the message. I must have missed one.
-----Original Message-----
From: John Dewey
To: Wachdorf, Daniel R
Cc: '[EMAIL PROTECTED]'
Sent: 10/14/2003 5:38 PM
Subject: Re: kadmin problems
kadm5.acl contains an entry of */[EMAIL PROTECTED]
Your kadmin is authing as drwachd/[EMAIL PROTECTED]
Try kadmin -p drwachd/[EMAIL PROTECTED]
John
On Mon, Oct 13, 2003 at 04:53:27PM -0600, Wachdorf, Daniel R wrote:
> I am having trouble getting kadmin to work. I can use kadmin.local without
> any problem.
>
> I have set up the kadm5.acl file with this entry:
> */[EMAIL PROTECTED] *
>
> I created the principal with the name drwachd/admin
>
> When I try to use kadmin I get this:
>
> [EMAIL PROTECTED] drwachd]$ /usr/local/sbin/kadmin
> Authenticating as principal drwachd/[EMAIL PROTECTED] with password.
> Password for drwachd/[EMAIL PROTECTED]:
> Password for drwachd/[EMAIL PROTECTED]:
> kadmin: Preauthentication failed while initializing kadmin interface
>
> I see this in the krb5kdc.log file:
> Oct 13 16:53:20 test.sandia.gov krb5kdc[9711](info): preauth (timestamp) verify failure: No matching key in entry
> Oct 13 16:53:20 test.sandia.gov krb5kdc[9711](info): AS_REQ (4 etypes {16 23 3 1}) 132.175.90.200: PREAUTH_FAILED: drwachd/[EMAIL PROTECTED] for kadmin/[EMAIL PROTECTED], Preauthentication failed
>
> Anyone know what's going on? I am running kadmin from the kdc, so it can't
> be a timeskew issue. I am SURE the password is right.
> I have tried doing a kinit -S kadmin/admin drwachd/[EMAIL PROTECTED] and
> it works fine.
>
> Any ideas?
>
> -dan
>
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
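
The KDC log line quoted in this thread lists the requested enctypes only by number. The following is an added example (not part of the thread and not MIT krb5 code) that decodes that list and compares it with the enctypes a principal has keys for. The sample line is constructed in the shape of the quoted one with placeholder names and address, and the stored-key set is an assumed input that you would read from `kadmin.local` `getprinc` output.

```python
import re

# Kerberos enctype numbers (IANA registry) with the names MIT krb5 uses.
ETYPE_NAMES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac",
}

# Matches the failed AS_REQ line shape quoted in the thread.
AS_REQ_RE = re.compile(
    r"AS_REQ \(\d+ etypes \{(?P<etypes>[\d ]+)\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): (?P<client>\S+) for (?P<server>[^,\s]+)"
)

# Constructed sample: same etype list as the thread, placeholder names/address.
SAMPLE = (
    "Oct 13 16:53:20 kdc.example.com krb5kdc[9711](info): "
    "AS_REQ (4 etypes {16 23 3 1}) 192.0.2.10: PREAUTH_FAILED: "
    "user/admin@EXAMPLE.COM for kadmin/admin@EXAMPLE.COM, "
    "Preauthentication failed"
)

def name(etype):
    return ETYPE_NAMES.get(etype, f"etype-{etype}")

def diagnose(line, stored_etypes):
    """Compare the enctypes a client requested with a principal's stored keys.

    stored_etypes is an assumed input: the set of enctype numbers the
    principal has keys for in the KDC database.
    """
    m = AS_REQ_RE.search(line)
    if m is None:
        return None
    requested = [int(n) for n in m.group("etypes").split()]
    return {
        "client": m.group("client"),
        "server": m.group("server"),
        "status": m.group("status"),
        "requested": [name(e) for e in requested],
        # The list is in client preference order; the first entry is its top choice.
        "preferred_has_key": requested[0] in stored_etypes,
        "common": [name(e) for e in requested if e in stored_etypes],
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE, {1}))    # principal holds only a des-cbc-crc key
    print(diagnose(SAMPLE, {16}))   # after re-keying to des3-cbc-sha1
```
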