Return-Path: 
 <dev-return-43117-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-dev-archive@www.apache.org
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 97B08F2AB
	for <apmail-directory-dev-archive@www.apache.org>;
 Tue,  7 May 2013 20:55:41 +0000 (UTC)
Received: (qmail 60015 invoked by uid 500); 7 May 2013 20:55:41 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 59959 invoked by uid 500); 7 May 2013 20:55:41 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 59951 invoked by uid 99); 7 May 2013 20:55:41 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 May 2013 20:55:41 +0000
X-ASF-Spam-Status: No, hits=-2.8 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_HI,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of James.C.Wu@disney.com
 designates 204.128.192.17 as permitted sender)
Received: from [204.128.192.17] (HELO msg1.disney.com) (204.128.192.17)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 May 2013 20:55:32 +0000
Received: from int1.disney.pvt (int1.disney.pvt [153.7.110.9])
	by msg1.disney.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id
 r47KtAYh031526
	for <dev@directory.apache.org>; Tue, 7 May 2013 20:55:10 GMT
Received: from sm-cala-xht03.swna.wdpr.disney.com
 (SM-CALA-XHT03.swna.wdpr.disney.com [153.7.248.18])
	by int1.disney.pvt (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id
 r47Ksjg7016033
	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL)
	for <dev@directory.apache.org>; Tue, 7 May 2013 20:55:10 GMT
Received: from sm-cala-vxmb06a.swna.wdpr.disney.com
 ([fe80::8920:73be:eaf5:e3af]) by sm-cala-xht03.swna.wdpr.disney.com
 ([2002:9907:f812::9907:f812]) with mapi; Tue, 7 May 2013 13:54:58 -0700
From: "Wu, James C." <James.C.Wu@disney.com>
To: Apache Directory Developers List <dev@directory.apache.org>
Date: Tue, 7 May 2013 13:54:56 -0700
Subject: RE: kinit with keytab failed 
Thread-Topic: kinit with keytab failed 
Thread-Index: Ac5LTS9uAuxYBRrsSj+n023wAWTzIQAF5CQw
Message-ID: 
 <7D664BE6CF058A4CB1A06984A7AA678F1808032F63@SM-CALA-VXMB06A.swna.wdpr.disney.com>
References: 
 <7D664BE6CF058A4CB1A06984A7AA678F1808032D51@SM-CALA-VXMB06A.swna.wdpr.disney.com>
In-Reply-To: 
 <7D664BE6CF058A4CB1A06984A7AA678F1808032D51@SM-CALA-VXMB06A.swna.wdpr.disney.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/alternative;
	boundary="_000_7D664BE6CF058A4CB1A06984A7AA678F1808032F63SMCALAVXMB06A_"
MIME-Version: 1.0
X-Flow-Control: Sendmail Flow Controller v2.2.5 int1.disney.pvt r47Ksjg7016033
X-Flow-Control-Info: class=Exchange rcpts=1 size=8116
X-Virus-Checked: Checked by ClamAV on apache.org

--_000_7D664BE6CF058A4CB1A06984A7AA678F1808032F63SMCALAVXMB06A_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

It is my bad. I think I did not enter the password correctly.I guess I have=
 to type more slowly:).  I wish ktutil can check the validity of password.

james

From: dev-return-43116-James.C.Wu=3Ddisney.com@directory.apache.org [mailto=
:dev-return-43116-James.C.Wu=3Ddisney.com@directory.apache.org] On Behalf O=
f Wu, James C.
Sent: Tuesday, May 07, 2013 11:15 AM
To: dev@directory.apache.org
Subject: kinit with keytab failed

Hi Guys,

I am trying to get kinit with a keytab file working when using  ApacheDS as=
 Kerberos server. However I could not get it to work on both the same host =
of ApacheDS server and on the client. Ironically, I got different error mes=
sage in the two cases.

On the apacheDS host

[cloud-user@n7-z01-0a2a0c3a ~]$ ktutil
ktutil:  addent -password -p FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM> -k 0 -=
e des-cbc-md5
Password for FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM>:
ktutil:  wkt temp.keytab
ktutil:  q
[cloud-user@n7-z01-0a2a0c3a ~]$ kinit -k -t temp.keytab FOO@EXAMPLE.COM<mai=
lto:FOO@EXAMPLE.COM>
kinit: Generic preauthentication failure while getting initial credentials


On the client host:

[cloud-user@n7-z01-0a2a046d ~]$ ktutil
ktutil:  addent -password -p FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM> -k 0 -=
e des-cbc-md5
Password for FOO@EXAMPLE.COM<mailto:FOO@EXAMPLE.COM>:
ktutil:   wkt temp.keytab
ktutil:  q
[FOO@n7-z01-0a2a046d ~]$ kinit -k -t ./temp.keytab FOO@EXAMPLE.COM<mailto:F=
OO@EXAMPLE.COM>
kinit: Key table entry not found while getting initial credentials

I looked at the configuration of the apacheds, des-cbc-md5 is one of the en=
cryption types that it supports.  Normal kinit FOO@EXAMPLE.COM<mailto:FOO@E=
XAMPLE.COM> works on both the apacheds host and the client.

Regards,

james


James

--_000_7D664BE6CF058A4CB1A06984A7AA678F1808032F63SMCALAVXMB06A_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV=3D"Content-Type" CONTENT=
=3D"text/html; charset=3Dus-ascii"><meta name=3DGenerator content=3D"Micros=
oft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Wingdings;
	panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue vli=
nk=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><i><span style=
=3D'color:#1F497D'>It is my bad. I think I did not enter the password corre=
ctly.I guess I have to type more slowly</span></i><i><span style=3D'font-fa=
mily:Wingdings;color:#1F497D'>J</span></i><i><span style=3D'color:#1F497D'>=
.&nbsp; I wish ktutil can check the validity of password.<o:p></o:p></span>=
</i></p><p class=3DMsoNormal><i><span style=3D'color:#1F497D'><o:p>&nbsp;</=
o:p></span></i></p><p class=3DMsoNormal><i><span style=3D'color:#1F497D'>ja=
mes<o:p></o:p></span></i></p><p class=3DMsoNormal><span style=3D'color:#1F4=
97D'><o:p>&nbsp;</o:p></span></p><div><div style=3D'border:none;border-top:=
solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b><spa=
n style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span>=
</b><span style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'> dev=
-return-43116-James.C.Wu=3Ddisney.com@directory.apache.org [mailto:dev-retu=
rn-43116-James.C.Wu=3Ddisney.com@directory.apache.org] <b>On Behalf Of </b>=
Wu, James C.<br><b>Sent:</b> Tuesday, May 07, 2013 11:15 AM<br><b>To:</b> d=
ev@directory.apache.org<br><b>Subject:</b> kinit with keytab failed <o:p></=
o:p></span></p></div></div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p cla=
ss=3DMsoNormal>Hi Guys,<o:p></o:p></p><p class=3DMsoNormal><o:p>&nbsp;</o:p=
></p><p class=3DMsoNormal>I am trying to get kinit with a keytab file worki=
ng when using &nbsp;ApacheDS as Kerberos server. However I could not get it=
 to work on both the same host of ApacheDS server and on the client. Ironic=
ally, I got different error message in the two cases.<o:p></o:p></p><p clas=
s=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>On the apacheDS hos=
t<o:p></o:p></p><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNor=
mal>[cloud-user@n7-z01-0a2a0c3a ~]$ ktutil <o:p></o:p></p><p class=3DMsoNor=
mal>ktutil:&nbsp; addent -password -p <a href=3D"mailto:FOO@EXAMPLE.COM">FO=
O@EXAMPLE.COM</a> -k 0 -e des-cbc-md5<o:p></o:p></p><p class=3DMsoNormal>Pa=
ssword for <a href=3D"mailto:FOO@EXAMPLE.COM">FOO@EXAMPLE.COM</a>: <o:p></o=
:p></p><p class=3DMsoNormal>ktutil:&nbsp; wkt temp.keytab<o:p></o:p></p><p =
class=3DMsoNormal>ktutil:&nbsp; q<o:p></o:p></p><p class=3DMsoNormal>[cloud=
-user@n7-z01-0a2a0c3a ~]$ kinit -k -t temp.keytab <a href=3D"mailto:FOO@EXA=
MPLE.COM">FOO@EXAMPLE.COM</a><o:p></o:p></p><p class=3DMsoNormal>kinit: Gen=
eric preauthentication failure while getting initial credentials<o:p></o:p>=
</p><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal><o:p>&nb=
sp;</o:p></p><p class=3DMsoNormal>On the client host:<o:p></o:p></p><p clas=
s=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>[cloud-user@n7-z01-=
0a2a046d ~]$ ktutil<o:p></o:p></p><p class=3DMsoNormal>ktutil:&nbsp; addent=
 -password -p <a href=3D"mailto:FOO@EXAMPLE.COM">FOO@EXAMPLE.COM</a> -k 0 -=
e des-cbc-md5<o:p></o:p></p><p class=3DMsoNormal>Password for <a href=3D"ma=
ilto:FOO@EXAMPLE.COM">FOO@EXAMPLE.COM</a>:<o:p></o:p></p><p class=3DMsoNorm=
al>ktutil:&nbsp;&nbsp; wkt temp.keytab<o:p></o:p></p><p class=3DMsoNormal>k=
tutil:&nbsp; q<o:p></o:p></p><p class=3DMsoNormal>[FOO@n7-z01-0a2a046d ~]$ =
kinit -k -t ./temp.keytab <a href=3D"mailto:FOO@EXAMPLE.COM">FOO@EXAMPLE.CO=
M</a><o:p></o:p></p><p class=3DMsoNormal>kinit: Key table entry not found w=
hile getting initial credentials<o:p></o:p></p><p class=3DMsoNormal><o:p>&n=
bsp;</o:p></p><p class=3DMsoNormal>I looked at the configuration of the apa=
cheds, des-cbc-md5 is one of the encryption types that it supports. &nbsp;N=
ormal kinit <a href=3D"mailto:FOO@EXAMPLE.COM">FOO@EXAMPLE.COM</a> works on=
 both the apacheds host and the client. <o:p></o:p></p><p class=3DMsoNormal=
><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>Regards,<o:p></o:p></p><p class=
=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>james<o:p></o:p></p>=
<p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal><o:p>&nbsp;<=
/o:p></p><p class=3DMsoNormal>James<o:p></o:p></p></div></body></html>=

--_000_7D664BE6CF058A4CB1A06984A7AA678F1808032F63SMCALAVXMB06A_--