I did a manual comparison between the two files like this
 
on Windows ktpass -in my.keytab
 
on unix klist -k -K
 
they are identical.

Any idea what the ticket option FORWARDED means?
 
thanks,
 
Tyson Oswald

"Douglas E. Engert" <[EMAIL PROTECTED]> wrote:


Tyson Oswald wrote:
> 
> Tyson Oswald wrote: I generated a host key on a Windows server and installed it 
> on the Sun workstation with ktutil. The key was generated with the same password as 
> the user on windows. It was set up with DES-CBC-CRC enctype, also krb5.conf is set up 
> to use des-cbc-crc for both tkt and tgs. One thing I did do was when I FTPed the 
> host key to the Sun box I used binary instead of ascii, if that caused a problem I 
> do not know. If you think this could cause this issue I will re-copy it.

Another way to do it is when you run the ktpass /out ...
it will type out the entry on the console, and show the kvno and the
DES key in hex. 

You can then use the ktutil "addent -key" and type in the DES key in
hex on the UNIX system. This avoids any string-to-key problems, as well 
as any transfer problems.

If nothing else you could verify if the key and kvno are as expected
by using klist -k -K ...


> 
> thank you,
> 
> Tyson Oswald
> 
> Jeffrey Altman wrote:
> Do you have a host key for the Windows workstation?
> 
> Does the Windows workstation know the name you have used for its host key?
> 
> Is the host key restricted to use an enctype of DES-CBC-CRC?
> 
> Did you create the host key with a password and not a random key?
> 
> Did you install the password into the Workstation using KSETUP?
> 
> Jeffrey Altman
> 
> Tyson Oswald wrote:
> > Hello all,
> >
> > I read the white paper on the MS site
> > (http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp)
> > to set up AD authentication on Unix. It is based on MIT KDC, but I am
> > using SEAM. Since SEAM is based on MIT, I assumed it would work. I
> > am using SEAM 1.0.1 on SPARC Solaris 8. I followed the instructions
> > in the white paper, and according to the event log on our PDC the user
> > authenticates successfully. But, the Service Ticket is failing
> > authentication. I am troubled as to why. The event id I am getting
> > in the event log is 677. The failure code is 0x0d (bad option) and
> > the ticket option is 0x02. According to the RFC 0x02 means FORWARDED.
> >
> > Has anyone run into this error or know what is wrong?
> >
> > thank you,
> >
> > Tyson Oswald
> 
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

Douglas E. Engert 
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439 
(630) 252-5444
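
An added example, not part of the original thread: the check suggested above (confirm that kvno and key are what you expect in each copy of the keytab), done by parsing both files and comparing the fields that klist -k -K prints. It assumes keytab file format version 0x0502; the principal, realm and key are constructed placeholders, and `build_entry` and `mismatches` are hypothetical helper names.

```python
import struct

def _counted(buf, p):  # read a uint16 length followed by that many bytes
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype, key_hex)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated entry (file damaged in transfer?)")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        p += 8                             # skip name type and timestamp
        kvno = data[p]                     # 8-bit kvno
        (enctype,) = struct.unpack_from(">H", data, p + 1)
        key, p = _counted(data, p + 3)
        if end - p >= 4:                   # optional 32-bit kvno, used if non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype, key.hex()))
        pos = end
    return entries

def build_entry(principal, realm, kvno, enctype, key):  # builds the sample below
    cnt = lambda b: struct.pack(">H", len(b)) + b
    comps = principal.encode().split(b"/")
    body = struct.pack(">H", len(comps)) + cnt(realm.encode()) + b"".join(map(cnt, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + cnt(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: placeholder principal, realm and key; enctype 1 = des-cbc-crc
KEY = bytes.fromhex("0123456789abcdef")
windows_copy = b"\x05\x02" + build_entry("host/sun.example.com", "EXAMPLE.COM", 3, 1, KEY)
unix_copy = b"\x05\x02" + build_entry("host/sun.example.com", "EXAMPLE.COM", 2, 1, KEY)

def mismatches(a, b):  # entries found in only one of the two keytabs
    return sorted(set(parse_keytab(a)) ^ set(parse_keytab(b)))
```

In the sample the two copies carry the same key but different kvno values, so `mismatches(windows_copy, unix_copy)` reports both entries.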