UNKNOWN_SERVER Error on KRB5?

Wed, 12 May 2004 11:55:10 -0700 

I am very new to Kerberos, and trying to do what seems a very complex task
with it. We are a big mainframe 390/zOS shop, with AS/400's, and Windows
clients. We currently have the zOS configured as a KDC, and can point a
Windows box to it to get a TGT, then a service ticket, to access the AS/400
through the windows "runas" command, and all works well. Of course, that is
not exactly what we NEED, so I have to add a Linux/KRB5 kdc, because we need
to be able to force the passwords on the ID as part of a behind the scenes
biometric solution. Now, with all that said, most is not important to my
real problem. The issue is, when I point the windows box to my new kdc on
Linux, I run into a couple of issues I do not really understand.

First, we were using an upper case userid. When I create one in this
configureation, I can get it from the windows box using leash32 to test, but
it fails when using the runas. With all else the same, a lower case ID is
successful at retreiving a TGT.

Second, when I do get a TGT, and a second call is made to get the service
ticket, I get at my server a messages:

May 07 11:25:29 SEC400 krb5kdc[208](info): AS_REQ (7 etypes {23 -133 -128 3
1 24 -135}) 10.3.1.70(88): NEEDED_PREAUTH: [EMAIL PROTECTED]
for krbtgt/[EMAIL PROTECTED], Additional
pre-authentication required
May 07 11:25:29 SEC400 krb5kdc[208](info): AS_REQ (2 etypes {3 1})
10.3.1.70(88): ISSUE: authtime 1083943529, etypes {rep=3 tkt=16 ses=1},
[EMAIL PROTECTED] for
krbtgt/[EMAIL PROTECTED]
May 07 11:25:29 SEC400 krb5kdc[208](info): TGS_REQ (7 etypes {23 -133 -128 3
1 24 -135}) 10.3.1.70(88): UNKNOWN_SERVER: authtime 1083943529,
[EMAIL PROTECTED] for
krbsvr400/[EMAIL PROTECTED], Server not found
in Kerberos database

I have tried every thing I could think of, but just can't seem to make any
headway. Any advice from some of you long time KRB experts would be greatly
appreciated.

Joe Bryant
Sr. Sys. Prog.
Rite Aid Corp.


________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to