Thanks. But my problem is not OTP per se but Kerberos thru Java. Specifically i'm getting below error.
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) - PREAUTH_FAILED at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804) Caused by: sun.security.krb5.KrbException: Pre-authentication information was invalid (24) - PREAUTH_FAILED at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:82) Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) Any pointers ? On 1 March 2016 at 21:01, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Tue, 01 Mar 2016, Prashant Bapat wrote: > >> Hi, >> >> I'm trying to use Shibboleth IdP with FreeIPA and Kerberos Authentication. >> I'm aware of Ipsilon, just that Shibboleth is more suited for my use case. >> >> I've installed ipa-client on a server and connected it to ipa. Shibboleth >> is installed on this server and I'm able to get the Kerberos >> authentication >> working. Documented here >> < >> https://wiki.shibboleth.net/confluence/display/IDP30/KerberosAuthnConfiguration >> > >> . >> >> However if I bring OTP into picture, authentication fails. Error message >> is >> like "Pre-authentication information was invalid (24) - PREAUTH_FAILED". >> >> Any pointers on how to make OTP work? >> > http://www.freeipa.org/page/V4/OTP > http://www.freeipa.org/page/V4/OTP/Detail > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project