On Thu, 2009-10-22 at 19:57 -0400, Nalin Dahyabhai wrote:
On Mon, Oct 12, 2009 at 10:17:21PM -0600, Jason Gerard DeRose wrote:
To help ensure that my new UI patch wont break our daily builds, I've
tried building it under Fedora 12 as it has python-assets and
python-wehjit. It builds fine, but when I kinit, I get this error:
[r...@fedora12 ~]# kinit ad...@example.com
Password for ad...@example.com:
kinit: Looping detected inside krb5_get_in_tkt while getting initial
credentials
Anyone have any ideas?
This came up on the upstream list recently; I haven't reproduced it
myself, but it looks like it'll happen if you fail to preauthenticate in
a number of ways where the KDC doesn't return a more-specific error
code.
Does the database entry for ad...@example.com have keys in it?
Did you type the right password?
Is there anything in the KDC logs that provides more detail?
Do you have a packet capture? The size and contents of the e-data
returned with the error can help narrow it down.
HTH,
Nalin
How do I check whether the database entry for ad...@example.com has keys
in it? Yes, I'm typing the password correctly, and I get the same error
even when I deliberately type the wrong password.
The /var/log/krb5kdc.log file has this repeated over and over again:
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed
I'm running this on a VM that I installed from Fedora 12 alpha, but have
updated since. I snapshot prior to building and installing freeipa, so
this is a fairly clean setup. ipa-server-install appears to succeed,
but upon trying to kinit as ad...@example.com, I get the above error.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel