Quanah Gibson-Mount wrote: > > --On Thursday, February 08, 2007 7:32 AM -0500 Sam Hartman > <[EMAIL PROTECTED]> wrote: > >>>>>>> "Quanah" == Quanah Gibson-Mount <[EMAIL PROTECTED]> writes: >> Quanah> --On Wednesday, February 07, 2007 5:07 PM -0500 Sam >> Quanah> Hartman >> Quanah> <[EMAIL PROTECTED]> wrote: >> >> >> I would be suspicious of whether you had properly managed to >> >> set your machine password. >> >> Quanah> Define "machine password". You mean the password used >> Quanah> between the machine and the KDC for the keytab that was >> Quanah> created? That bit is obviously working because when those >> Quanah> don't match, the KDC logs an error, which it isn't doing. >> Quanah> In any case, I had that particular password in my C&P >> Quanah> buffer, and simple pasted it in for both the KDC and the >> Quanah> windows box, so it would be particularly difficult for it >> Quanah> to be a typo... >> >> If the salt types are inconsistent or something I could see the key >> working to obtain tickets but not to decrypt them. > > Hm, interesting. Is there an easy way to diagnose that?
No, but Wireshark (formally called ethereal) runs on Linux or Windows can show you a lot of the Kerberos packets. There is a lot of unencrypted data in them which includes the salt returned in the AS_REP or KRB_ERROR message in response to a kinit using a password. So if you know what password you used to create the keytab, and the salt you used, you could double check that the same salt was used in both. > > --Quanah > > > -- > Quanah Gibson-Mount > Principal Software Developer > ITS/Shared Application Services > Stanford University > GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
