directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <seelm...@apache.org>
Subject Re: Kerberized SSH keeps asking for password
Date Thu, 04 Feb 2010 07:49:37 GMT

Quoting Andreas Backman <andreas@kontorsplatsen.se>:

> Thanks a lot for your reply! Somehow I missed that error.
>
> I removed my keytab and created a new one using your guide. But it   
> seams to be something wrong with the keytab.
>
>> ktutil
> ktutil:  addent -password -p host/sa-1.base.kplatsen.local -k 1 -e   
> des-cbc-md5
> Password for host/sa-1.base.kplatsen.local@KPLATSEN.LOCAL: (Entering  
>  the password stored in the LDAP, for this entry)
>> kinit -k -t /etc/krb5.keytab host/sa-1.base.kplatsen.local@KPLATSEN.LOCAL
> kinit: Password incorrect while getting initial credentials
>

There must be something wrong with the password. Please make sure that  
the <keyDerivationInterceptor/> in server.xml is active. Then delete  
the krb5Key attributes from the entry and set a new userPassword for  
the entry via LDAP. Verify that the new password was set and the  
krb5Key attributes were generated.

HTH,
Stefan



Mime
View raw message