Hello,

Following up on my e-mail below, we detected the attribute DISALLOW_TGT_BASED
for the kadmin/admin principal.


      kadmin.local:  getprinc kadmin/[EMAIL PROTECTED]
      Principal: kadmin/[EMAIL PROTECTED]
      Expiration date: [never]
      Last password change:  Tue Oct 16 18:01:25 IST 2007
      Password expiration date: [none]
      Maximum ticket life: 0 day 03:00:00
      Maximum renewable life: 7 days 00:00:00
      Last modified: Wed Nov 21 15:02:00 IST 2007 (admin/[EMAIL PROTECTED])
      Last successful authentication: [never]
      Last failed authentication: [never]
      Failed password attempts: 0
      Number of keys: 4
      Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
      Key: vno 3, ArcFour with HMAC/md5, no salt
      Key: vno 3, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
      Key: vno 3, DES cbc mode with RSA-MD5, no salt

      Attributes: DISALLOW_TGT_BASED REQUIRES_PRE_AUTH
      Policy: [none]


Although from googling we understand that it shouldn't be a problem, we
unset this attribute for the kadmin/admin principal and it seems to
stabilize the system.

Does it make sense?

Thanks,

Ido Levy

                                                                           
Ido Levy/Haifa/[EMAIL PROTECTED]MIL
Sent by: kerberos-bounces@mit.edu
21/11/2007 22:47
To: [email protected]
cc:
Subject: Kerberos failed to create a principal

Hello,

We are running a Kerberos server that uses LDAP as its DB.
Until today everything worked fine, but suddenly user creation failed, as you
can see in the following example:

      kadmin.local:  addprinc -randkey user40
      NOTICE: no policy specified for [EMAIL PROTECTED]
      assigning "default". Note that policy may be overridden by
      ACL restrictions.
      Unable to randomize key for "[EMAIL PROTECTED]"
      Status 0x29c250c - Principal does not exist.

      kadmin.local:  getprinc user40
      Unable to retrieve principal "[EMAIL PROTECTED]"
            Status 0x29c250c - Principal does not exist.

The error message we get in kadmin.log file is:

      local6:err|error kadmin.local[782428]: LDAP: /blddir/krb514/src/plugins/ldap/ira_entry.c(193), 32: LDAP_NO_SUCH_OBJECT


If you have encountered a similar problem, any advice/direction on how to
isolate/find/understand where the problem is would be appreciated.

Thank You !!

Ido Levy

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
