Hi Marcus,
When i use
<modprinc -requires_preauth>
Then try to kinit <user>
it prompts incorrect password
then i should change the password so that it works, but i guess upon changing
the password
the princ is being modified again... thus i guess that the
-requires_preauth isnt set anymore...
Can you please advise me how to make this work since kdc.log is still showing
Preauthentication failed
Thanks,
Scotty
Marcus Watts <[EMAIL PROTECTED]> wrote: scotty adams writes:
> Hi Marcus,
>
> it seems that i can't even kinit over scotty
>
> bash-2.05# kinit scotty
> Password for [EMAIL PROTECTED]:
> kinit: Preauthentication failed while getting initial credentials
>
> same error as that of kadmin
>
> How can i turn off REQUIRES_PRE_AUTH on the principal?
>
> Thanks,
> Scotty
Good. Now you have a much simpler problem to solve.
Since you don't yet have kadmin working, you'll need
to use kadmin.local. When run (as root) on the kdc
(with the right configuration) it will access the database
directly and does not need any credentials. So,
(on the kdc):
kadmin.local
-- to set the bit,
modprinc +requires_preauth
-- to clear the bit,
modprinc -requires_preauth
-- to see the bit
getprinc
-- to see what else you can set
modprinc
-- to see what else you can do
lr
You should also have a large pile of kerberos 5 documentation
that explains this and much much more. If you haven't got
this, you really should dig it up. If you have got it, but
it doesn't explain things like this adequately, you should let
your vendor know where and how the documentation can be improved.
-Marcus Watts
---------------------------------
Want to start your own business? Learn how on Yahoo! Small Business.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
