Enabling preauthentication on linux kdc - Kerberos

This is a discussion on Enabling preauthentication on linux kdc - Kerberos ; Hi, I have a question regarding enabling kerberos pre-authentication on linux kdc (kerberos servers). Can somebody please help ? I am not able to enable this preauthentication on linux kdc. windows kdc works with preauthencation enabled, such that even if ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Enabling preauthentication on linux kdc

  1. Enabling preauthentication on linux kdc

    Hi,

    I have a question regarding enabling kerberos pre-authentication on
    linux kdc (kerberos servers). Can somebody please help ? I am not able
    to enable this preauthentication on linux kdc.

    windows kdc works with preauthencation enabled, such that even if a
    kerberos request comes from linux machine the kdc returns KRB-ERROR.
    the linux kerberos client then comes back with the required PA-ENC-
    TIMESTAMP and is authenticated by KDC. I would like to configure linux
    kdc for the same behaviour.

    for this on the linux kerberos kdc machine.
    I edited /var/kerberos/krb5kdc/kdc.conf
    and put this lines

    [realms]
    NEVISTEST.COM = {
    require-preauth = yes
    default_principal_flags = +preauth
    .....

    and restarted krb5kdc service
    but this doesn't seem to effect the kerberos behaviour in any way and
    I am stuck.

    please help me with any suggestion/pointers.

    Regards
    S.Gourisankar


  2. Re: Enabling preauthentication on linux kdc

    Mr. Hascall,

    I could get linux kdc to pre-authenticate after following your suggestions.
    Thanks a million.

    Regards
    S.Gourisankar

    On Nov 14, 2007 6:39 PM, John Hascall wrote:
    >
    >
    > > Hi,
    > >
    > > I have a question regarding enabling kerberos pre-authentication on

    >
    > > [realms]
    > > NEVISTEST.COM = {
    > > require-preauth = yes
    > > default_principal_flags = +preauth

    >
    > I've never heard of 'require-preauth = yes' as a config file option.
    > Setting 'default_principal_flags' only effects principals you create
    > when it is in effect -- it doesn't touch existing principals -- you
    > will need to use the modprinc command of the kadmin program to set
    > the requires_preauth flag on any existing principals.
    >
    > John
    >




    --
    --------------
    Gourisam

+ Reply to Thread