Re: [Freeipa-devel] Fedora12: Looping detected inside krb5_get_in_tkt

2009-10-25 Thread Jason Gerard DeRose 
On Thu, 2009-10-22 at 19:57 -0400, Nalin Dahyabhai wrote:
 On Mon, Oct 12, 2009 at 10:17:21PM -0600, Jason Gerard DeRose wrote:
  To help ensure that my new UI patch wont break our daily builds, I've
  tried building it under Fedora 12 as it has python-assets and
  python-wehjit.  It builds fine, but when I kinit, I get this error:
  
  [r...@fedora12 ~]# kinit ad...@example.com
  Password for ad...@example.com: 
  kinit: Looping detected inside krb5_get_in_tkt while getting initial
  credentials
  
  Anyone have any ideas?
 
 This came up on the upstream list recently; I haven't reproduced it
 myself, but it looks like it'll happen if you fail to preauthenticate in
 a number of ways where the KDC doesn't return a more-specific error
 code.
 
 Does the database entry for ad...@example.com have keys in it?
 Did you type the right password?
 Is there anything in the KDC logs that provides more detail?
 Do you have a packet capture?  The size and contents of the e-data
 returned with the error can help narrow it down.
 
 HTH,
 
 Nalin

How do I check whether the database entry for ad...@example.com has keys
in it?  Yes, I'm typing the password correctly, and I get the same error
even when I deliberately type the wrong password.

The /var/log/krb5kdc.log file has this repeated over and over again:

Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): preauth
(timestamp) verify failure: No matching key in entry
Oct 25 21:59:21 fedora12.example.com krb5kdc[27434](info): AS_REQ (7
etypes {18 17 16 23 1 3 2}) 192.168.122.12: PREAUTH_FAILED:
ad...@example.com for krbtgt/example@example.com, Preauthentication
failed

I'm running this on a VM that I installed from Fedora 12 alpha, but have
updated since.  I snapshot prior to building and installing freeipa, so
this is a fairly clean setup.  ipa-server-install appears to succeed,
but upon trying to kinit as ad...@example.com, I get the above error.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 302 clean up join plugin

2009-10-25 Thread Jason Gerard DeRose 
On Fri, 2009-10-23 at 18:40 +0200, Pavel Zůna wrote:
 Rob Crittenden wrote:
  Remove a bunch of unused imports, add some docstrings, etc.
  
  rob
  
 ack.
 
 Pavel

ack. pushed to master.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel