Thanks for the tip.

I now have the following error:

Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23 16 17}) 172.23.14.210: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
Feb 22 20:39:37 ldapserver krb5kdc[10211](info): preauth (timestamp) verify failure: Decrypt integrity check failed
Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23 16 17}) 172.23.14.210: PREAUTH_FAILED: [email protected] for krbtgt/[email protected], Decrypt integrity check failed

Any clue on what's failing?

Another question: how should I configure OpenDS access control to accept
GSSAPI with Kerberos tickets?

Thanks in advance



On Tue, Feb 21, 2012 at 5:28 PM, Mantas M. <[email protected]> wrote:

> On Tue, Feb 21, 2012 at 11:23:04AM +0100, Tiago Elvas wrote:
> > NO PREAUTH: authtime 0,  [email protected] for
> > ldap/[email protected], Generic error (see e-text)
>
> A common case for this is that the '[email protected]' principal
> is missing the "requires_preauth" flag, causing the TGT & tickets to be
> obtained without preauth, which the LDAP server requires.
>
> kadmin:  modprinc +requires_preauth kerberos-test
>
> Although the 'kdc.conf' given in an earlier message /does/ have this in
> 'default_principal_flags'...
>
> --
> Mantas Mikulėnas <[email protected]>
>
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
