>From my understanding you need to enable preauth per principal. When I enabled preauth on my server I had to write a little script that added the +require_preauth to my users:
#!/bin/sh USERS=$(echo "get_principals" | kadmin.local | grep -v \/ | grep -v kadmin.local:) ### Note 'grep -v \/' is a \ and / not the letter V. OPTIONS="+requires_preauth" for PRINCIPAL in $USERS do echo "Updating $PRINCIPAL" echo "modify_principal $OPTIONS $PRINCIPAL" | kadmin.local >/dev/null done I also set [realms] MYREALM.COM default_principal_flags = +preauth in my kdc.conf to automatically add the +require_preauth flag to any new principals. Hope this helps. On 04/15/2010 02:14 PM, Jeff Blaine wrote: > MIT Kerberos 1.8, all Linux for now, custom build > > It's my understanding that the existence of a preauth > module in lib/krb5/plugins makes the module required. > > Is that correct? I bet it's not, and if so, I would > love to have someone explain what reality is. > > Is there any documentation on configuring preauth at > all? I already found +require_preauth as part of > addprinc/modprinc > > Thanks for any help! > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos