"RUZ" contains the principle "host/[EMAIL PROTECTED]". It is installed in this host's keytab. "domain_realm" contains the entry "wum.lat = RUZ". However, when I attempt to acquire a ticket for "host/[EMAIL PROTECTED]" as "[EMAIL PROTECTED]", the KDC complains:
---
Mar 11 20:10:45 wum krb5kdc[13912]: AS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.179.73: NEEDED_PREAUTH: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Additional pre-authentication required
Mar 11 20:10:45 wum krb5kdc[13912]: AS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.179.73: ISSUE: authtime 1079064645, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
Mar 11 20:10:45 wum krb5kdc[13912]: TGS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.179.73: ISSUE: authtime 1079064645, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
Mar 11 20:10:45 wum krb5kdc[13912]: TGS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.179.73: PROCESS_TGS: authtime 0, <unknown client> for host/[EMAIL PROTECTED], Decrypt integrity check failed
Mar 11 20:10:48 wum sshd[12296]: Failed password for admin from 192.168.24.106 port 58802 ssh2
---
(I would ordinarily use GSSAPI rather than enter my password using ssh - but this is broken - for the same reason?) In other tests, I verify that I acquire the "krbtgt/[EMAIL PROTECTED]" ticket, and the "krbtgt/[EMAIL PROTECTED]" ticket:
---
Default Principal: [EMAIL PROTECTED] Valid Starting Expires Service Principal 03/11/04 20:29:16 03/12/04 06:29:16 krbtgt/[EMAIL PROTECTED] renew until 03/18/04 20:29:16 03/11/04 20:29:23 03/12/04 06:29:16 krbtgt/[EMAIL PROTECTED] renew until 03/11/04 20:29:23
---
But these tickets don't grant me tickets from "RUZ". What did I do wrong?
Thanks,
Jack
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos