scotty adams <[EMAIL PROTECTED]> writes:
> Hi Marcus,
>
> it seems that i can't even kinit over scotty
>
> bash-2.05# kinit scotty
> Password for [EMAIL PROTECTED]:
> kinit: Preauthentication failed while getting initial credentials
>
> same error as that of kadmin
>
> How can i turn off REQUIRES_PRE_AUTH on the principal?
>
> Thanks,
> Scotty
Good. Now you have a much simpler problem to solve.
Since you don't yet have kadmin working, you'll need
to use kadmin.local. When run (as root) on the kdc
(with the right configuration) it will access the database
directly and does not need any credentials. So,
(on the kdc):
kadmin.local
-- to set the bit,
modprinc +requires_preauth <kerberos_principal>
-- to clear the bit,
modprinc -requires_preauth <kerberos_principal>
-- to see the bit
getprinc <kerberos_principal>
-- to see what else you can set
modprinc
-- to see what else you can do
lr
You should also have a large pile of kerberos 5 documentation
that explains this and much much more. If you haven't got
this, you really should dig it up. If you have got it, but
it doesn't explain things like this adequately, you should let
your vendor know where and how the documentation can be improved.
-Marcus Watts
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
