password incorrect but it's not, works fine with Solaris + MIT? - Kerberos

This is a discussion on password incorrect but it's not, works fine with Solaris + MIT? - Kerberos ; What am I doing wrong this time? -bash-2.05b# /usr/kerberos/bin/kinit jblaine@RCF.FOO.COM Password for jblaine@RCF.FOO.COM : kinit(v5): Password incorrect while getting initial credentials -bash-2.05b# -bash-2.05b# rpm -qa | grep krb5 krb5-workstation-1.2.7-38 krb5-libs-1.2.7-38 pam_krb5-1.70-1 krb5-devel-1.2.7-38 -bash-2.05b# uname -a Linux blackbird-vm2 2.4.21-53.EL #1 Wed ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: password incorrect but it's not, works fine with Solaris + MIT?

  1. password incorrect but it's not, works fine with Solaris + MIT?

    What am I doing wrong this time?

    -bash-2.05b# /usr/kerberos/bin/kinit jblaine@RCF.FOO.COM
    Password for jblaine@RCF.FOO.COM:
    kinit(v5): Password incorrect while getting initial credentials
    -bash-2.05b#

    -bash-2.05b# rpm -qa | grep krb5
    krb5-workstation-1.2.7-38
    krb5-libs-1.2.7-38
    pam_krb5-1.70-1
    krb5-devel-1.2.7-38
    -bash-2.05b# uname -a
    Linux blackbird-vm2 2.4.21-53.EL #1 Wed Nov 14 04:02:23 EST 2007
    i686 i686 i386 GNU/Linux
    -bash-2.05b#

    However, /usr/rcf-krb5/bin/kinit jblaine@RCF.FOO.COM works
    fine on a Solaris 9 box (which has our MIT krb5 build).

    BOTH hosts have the same exact /etc/krb5.conf

    krb5kdc says:

    Dec 07 15:46:49 silmaril.foo.com krb5kdc[26865](info):
    AS_REQ (5 etypes {16 23 1 3 2}) 129.xx.xx.xx: ISSUE: authtime
    1197060409, etypes {rep=1 tkt=16 ses=16}, jblaine@RCF.FOO.COM
    for krbtgt/RCF.FOO.COM@RCF.FOO.COM

    Principal looks like:

    kadmin: getprinc jblaine
    Principal: jblaine@RCF.FOO.COM
    Expiration date: Wed Dec 30 19:00:00 EST 2037
    Last password change: [never]
    Password expiration date: [none]
    Maximum ticket life: 14 days 00:00:00
    Maximum renewable life: 7 days 00:00:00
    Last modified: Mon Oct 29 21:08:00 EDT 2007 (jblaine@RCF.FOO.COM)
    Last successful authentication: [never]
    Last failed authentication: [never]
    Failed password attempts: 0
    Number of keys: 1
    Key: vno 5, DES cbc mode with CRC-32, AFS version 3
    Attributes:
    Policy: [none]
    kadmin:


  2. Re: password incorrect but it's not, works fine with Solaris + MIT?

    On Dec 7, 3:59 pm, Jeff Blaine wrote:
    > What am I doing wrong this time?
    >
    > -bash-2.05b# /usr/kerberos/bin/kinit jbla...@RCF.FOO.COM
    > Password for jbla...@RCF.FOO.COM:
    > kinit(v5): Password incorrect while getting initial credentials
    > -bash-2.05b#
    >
    > -bash-2.05b# rpm -qa | grep krb5
    > krb5-workstation-1.2.7-38
    > krb5-libs-1.2.7-38
    > pam_krb5-1.70-1
    > krb5-devel-1.2.7-38
    > -bash-2.05b# uname -a
    > Linux blackbird-vm2 2.4.21-53.EL #1 Wed Nov 14 04:02:23 EST 2007
    > i686 i686 i386 GNU/Linux
    > -bash-2.05b#
    >
    > However, /usr/rcf-krb5/bin/kinit jbla...@RCF.FOO.COM works
    > fine on a Solaris 9 box (which has our MIT krb5 build).
    >
    > BOTH hosts have the same exact /etc/krb5.conf
    >
    > krb5kdc says:
    >
    > Dec 07 15:46:49 silmaril.foo.com krb5kdc[26865](info):
    > AS_REQ (5 etypes {16 23 1 3 2}) 129.xx.xx.xx: ISSUE: authtime
    > 1197060409, etypes {rep=1 tkt=16 ses=16}, jbla...@RCF.FOO.COM
    > for krbtgt/RCF.FOO....@RCF.FOO.COM
    >
    > Principal looks like:
    >
    > kadmin: getprinc jblaine
    > Principal: jbla...@RCF.FOO.COM
    > Expiration date: Wed Dec 30 19:00:00 EST 2037
    > Last password change: [never]
    > Password expiration date: [none]
    > Maximum ticket life: 14 days 00:00:00
    > Maximum renewable life: 7 days 00:00:00
    > Last modified: Mon Oct 29 21:08:00 EDT 2007 (jbla...@RCF.FOO.COM)
    > Last successful authentication: [never]
    > Last failed authentication: [never]
    > Failed password attempts: 0
    > Number of keys: 1
    > Key: vno 5, DES cbc mode with CRC-32, AFS version 3
    > Attributes:
    > Policy: [none]
    > kadmin:


    Does your client talk in single des? Maybe if you force your enctype
    in krb5.conf on the client (Although I dont think this is
    recommended. )
    What enctypes do you have in the kdc.conf? You might add some enctypes
    to your kdc .. then reset the password and try again.

  3. Re: password incorrect but it's not, works fine with Solaris + MIT?

    You wrote:
    ....
    > > Key: vno 5, DES cbc mode with CRC-32, AFS version 3

    ....
    ^^^^^^^^^^^^^

    Have you tried using other salt types?

    -Marcus Watts

+ Reply to Thread