directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wu, James C." <James.C...@disney.com>
Subject RE: kinit with keytab failed
Date Tue, 07 May 2013 20:54:56 GMT
It is my bad. I think I did not enter the password correctly.I guess I have to type more slowly:).
 I wish ktutil can check the validity of password.

james

From: dev-return-43116-James.C.Wu=disney.com@directory.apache.org [mailto:dev-return-43116-James.C.Wu=disney.com@directory.apache.org]
On Behalf Of Wu, James C.
Sent: Tuesday, May 07, 2013 11:15 AM
To: dev@directory.apache.org
Subject: kinit with keytab failed

Hi Guys,

I am trying to get kinit with a keytab file working when using  ApacheDS as Kerberos server.
However I could not get it to work on both the same host of ApacheDS server and on the client.
Ironically, I got different error message in the two cases.

On the apacheDS host

[cloud-user@n7-z01-0a2a0c3a ~]$ ktutil
ktutil:  addent -password -p FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM> -k 0 -e des-cbc-md5
Password for FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM>:
ktutil:  wkt temp.keytab
ktutil:  q
[cloud-user@n7-z01-0a2a0c3a ~]$ kinit -k -t temp.keytab FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM>
kinit: Generic preauthentication failure while getting initial credentials


On the client host:

[cloud-user@n7-z01-0a2a046d ~]$ ktutil
ktutil:  addent -password -p FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM> -k 0 -e des-cbc-md5
Password for FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM>:
ktutil:   wkt temp.keytab
ktutil:  q
[FOO@n7-z01-0a2a046d ~]$ kinit -k -t ./temp.keytab FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM>
kinit: Key table entry not found while getting initial credentials

I looked at the configuration of the apacheds, des-cbc-md5 is one of the encryption types
that it supports.  Normal kinit FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM> works on both
the apacheds host and the client.

Regards,

james


James

Mime
View raw message