Do you need to have allow_weak_crypto = true set in your krb5.conf? -Christopher -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ray Vand Sent: Monday, April 22, 2013 3:38 PM To: Benjamin Kaduk Cc: [email protected] Subject: [EXTERNAL] Re: Issue with Kerberos setting in Sun Solaris 10
Ben, The space is added when I cut and paste from terminal. I forgot to fix it in the email. it prompts for password and it takes it. I even tried wrong password and I got error. Which mean it is communicating with KDC. Also I am using MIT Kerberos version krb5-1.11.1-signed.tar which I download it from MIT site. Ray On Apr 22, 2013, at 1:27 PM, Benjamin Kaduk <[email protected]> wrote: > [putting the list back in the cc] > > On Mon, 22 Apr 2013, Ray Vand wrote: > >> Ben, >> >> kvno was 9 because I gave a new value in addent command. >> >> ktutil: addent -password -p sapldap/[email protected] -k 9 -e >> DES-CBC-MD5 > > Ah, okay. As I said earlier, I don't think this kvno will affect 'kinit -k', > but is relevant when used as an acceptor. > >> I created a new one with kvno 7 and tried it. Still getting initial >> credentials error. > > Right, I wouldn't expect that to change. > > Some ways of generating a keytab will increment the kvno on the KDC, which > will cause problems for existing keytabs; it sounds like that is not what is > causing this problem. > >> ktutil: addent -password -p sapldap/ads.company.com@ COMPANY.COM -k 7 -e >> DES-CBC-MD5 >> Password for sapldap/ads.company.com@ COMPANY.COM: >> ktutil: list >> slot KVNO Principal >> ---- ---- >> --------------------------------------------------------------------- >> 1 7 sapldap/ads.company.com@ COMPANY.COM >> ktutil: wkt /tmp/ray.keytab >> ktutil: q >> >> # cp /tmp/ray.keytab /etc/krb5/krb5.keytab >> >> # kinit -k -t /etc/krb5/krb5.keytab sapldap/ads.company.com@ COMPANY.COM >> kinit(v5): Key table entry not found while getting initial credentials > > I assume the space between '@' and "COMPANY.COM" is introduced while > transcribing into email? If it is present in the actual command line it may > cause problems. > > You never did say if you are using the Solaris integrated tools or an > external installation of MIT kerberos. > > -Ben ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
