-----Greg Hudson <ghud...@mit.edu> wrote: ----- >Is the requires-preauth bit set on your krbtgt/MERA.NU principal?
kadmin: getprinc krbtgt/MERA.NU Principal: krbtgt/mera...@mera.nu Expiration date: [never] Last password change: [never] Password expiration date: [none] Maximum ticket life: 0 days 10:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Mon Feb 09 15:24:45 CET 2009 (db_creat...@mera.nu) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 5 Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 1, ArcFour with HMAC/md5, no salt Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, DES cbc mode with RSA-MD5, no salt MKey: vno 1 Attributes: REQUIRES_PRE_AUTH Policy: [none] >Also, although I don't think this is at all relevant, krenew comes >from >a different source package from MIT Kerberos, so you might test with >"kinit -R" just to remove that variable. m...@irit:~$ kinit -R kinit: KDC returned error string: NO PREAUTH while renewing credentials / Marcus ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos