tags:

kerberos

views:

38

answers:

1

+1 Q:

kerberos ENC-TC

What is wrong with the heimdal configuration?

kinit test

test@REALM's Password: kinit: krb5_get_init_creds: No ENC-TS found

An /etc/krb5.conf contains: default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc default_etypes = des-cbc-crc default_etypes_des = des-cbc-crc fcc-mit-ticketflags = true

A:

You really didn't provide much info. I suggest showing us the output of klist both before and after kinit.

But as best I can determine: ENC-TS is the encrypted TimeStamp used in pre-authentication. For whatever reason, the server is not including the ENC-TS section of the Kerberos response.

The section of krb5.conf that you shared does not seem related to this pre-authentication setting.

abelenky 2010-04-14 20:31:40

I am using LDAP as a backend for heimdal.I can provide krb5 config if it can help...klist shows in both cases:klist: No ticket file: /tmp/krb5cc_0kinit fails with incorrect password and says "kinit: krb5_get_init_creds: No ENC-TS found" for correct one ...

2010-04-14 20:39:02

Thank you! I have found the "root of evil".It was due to incorrect real minitialisation. Heimdal has not stored his accounts (krbtgt/REALM etc) into LDAP.The solution is to reinit the realm from scratch (kasmin -l; init REALM).

2010-04-14 20:50:50

related questions

Can I indicate to clients that SPNEGO is supported but NTLM is not for HTTP requests?

Is a service principal name (SPN) bound to a specific machine?

The process that must occur between the client and servers, Kerberos authentication.

How can I edit Kerberos 5 configuration files with Perl?

Query/Change SPNs on Windows Domain without SetSPN

How do I interact with a kerberos server from my own application

Kerberos Authentification in PHP

How to obtain a kerberos service ticket via GSS-API?

How can i start a console application using the 'network service' account

Tomcat authentication using SPNEGO/Kerberos and delegation

Testing that a website is using Kerberos authentication

SSH hangs on Mac Book Pro; AFS and Network Preferences?

Why does my web part throw an error about "NT Authority/Anonymous User"?

Generate kerberos ticket using .NET

How do I call a Sharepoint Webservice from a c# client using Kerberos authentication ?

Can I use two Kerberos Keytabs from a single host?

How do I reload kerberos configuration under tomcat ?

Do I need to set up Kerberos to use Replication in SQL Server 2005?

bind Linux to Active Directory using kerberos

IIS Returning Old User Names to my application

gss_acquire_cred returning Key table entry not found error

Kerberos and T125 protocol

Difference between SSL and Kerberos authentication?

Kerberos Delegation for Clients Ouside the Firewall

Kerberos user authentication in Apache