Password incorrect while getting initial credentials - Kerberos

This is a discussion on Password incorrect while getting initial credentials - Kerberos ; Hello, I am receiving a "kint(v5): Password incorrect while getting initial credentials" error after entering a password in response to a prompt following a kinit command (kinit user/my.domain@MY.REALM). I know that I am entering the correct password. The database seems ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Password incorrect while getting initial credentials

  1. Password incorrect while getting initial credentials

    Hello,

    I am receiving a "kint(v5): Password incorrect while getting initial
    credentials" error after entering a password in response to a prompt
    following a kinit command (kinit user/my.domain@MY.REALM). I know
    that I am entering the correct password. The database seems to be
    fine; I can get a ticket as root through:
    kinit -k -t /etc/krb5.keytab user/my.domain@MY.REALM

    I am wondering if this could have anything to do with a
    preauthentication requirement. My KDC.conf has a default principal
    flag of +preauth.

    Does this flag require any preliminary steps to authenticate before
    (or during) kinit?

    May there be anything else that I am missing?

    Thanks a lot.

    Angus Atkins-Trimnell

  2. Re: Password incorrect while getting initial credentials

    On Feb 17, 2008 10:10 PM, wrote:
    > Hello,
    >
    > I am receiving a "kint(v5): Password incorrect while getting initial
    > credentials" error after entering a password in response to a prompt
    > following a kinit command (kinit user/my.domain@MY.REALM). I know
    > that I am entering the correct password. The database seems to be
    > fine; I can get a ticket as root through:
    > kinit -k -t /etc/krb5.keytab user/my.domain@MY.REALM
    >
    > I am wondering if this could have anything to do with a
    > preauthentication requirement. My KDC.conf has a default principal
    > flag of +preauth.
    >
    > Does this flag require any preliminary steps to authenticate before
    > (or during) kinit?
    >
    > May there be anything else that I am missing?
    >
    > Thanks a lot.
    >


    If 'user/my.domain@MY.REALM' is the same in both cases, the reason you
    can't authenticate with a password is because you created the keytab.
    The act of creating a keytab causes a new random key to be generated
    and placed in the Kerberos database and into the keytab. There is no
    password associated with that key and you will only be able to
    authenticate as that principal using the keytab.

    If you want to authenticate with a password, do a "cpw" in kadmin for
    the principal (and do not do a "ktadd").

  3. Re: Password incorrect while getting initial credentials

    On Feb 18, 8:01 am, "Kevin Coffman" wrote:
    > On Feb 17, 2008 10:10 PM, wrote:
    >
    >
    >
    > > Hello,

    >
    > > I am receiving a "kint(v5): Password incorrect while getting initial
    > > credentials" error after entering a password in response to a prompt
    > > following a kinit command (kinit user/my.dom...@MY.REALM). I know
    > > that I am entering the correct password. The database seems to be
    > > fine; I can get a ticket as root through:
    > > kinit -k -t /etc/krb5.keytab user/my.dom...@MY.REALM

    >
    > > I am wondering if this could have anything to do with a
    > > preauthentication requirement. My KDC.conf has a default principal
    > > flag of +preauth.

    >
    > > Does this flag require any preliminary steps to authenticate before
    > > (or during) kinit?

    >
    > > May there be anything else that I am missing?

    >
    > > Thanks a lot.

    >
    > If 'user/my.dom...@MY.REALM' is the same in both cases, the reason you
    > can't authenticate with a password is because you created the keytab.
    > The act of creating a keytab causes a new random key to be generated
    > and placed in the Kerberos database and into the keytab. There is no
    > password associated with that key and you will only be able to
    > authenticate as that principal using the keytab.
    >
    > If you want to authenticate with a password, do a "cpw" in kadmin for
    > the principal (and do not do a "ktadd").


    C'est magnifique! Thanks, that's just what I needed.

    Angus

+ Reply to Thread