scotty adams <[EMAIL PROTECTED]> writes: > Hi Marcus, > > it seems that i can't even kinit over scotty > > bash-2.05# kinit scotty > Password for [EMAIL PROTECTED]: > kinit: Preauthentication failed while getting initial credentials > > same error as that of kadmin > > How can i turn off REQUIRES_PRE_AUTH on the principal? > > Thanks, > Scotty
Good. Now you have a much simpler problem to solve. Since you don't yet have kadmin working, you'll need to use kadmin.local. When run (as root) on the kdc (with the right configuration) it will access the database directly and does not need any credentials. So, (on the kdc): kadmin.local -- to set the bit, modprinc +requires_preauth <kerberos_principal> -- to clear the bit, modprinc -requires_preauth <kerberos_principal> -- to see the bit getprinc <kerberos_principal> -- to see what else you can set modprinc -- to see what else you can do lr You should also have a large pile of kerberos 5 documentation that explains this and much much more. If you haven't got this, you really should dig it up. If you have got it, but it doesn't explain things like this adequately, you should let your vendor know where and how the documentation can be improved. -Marcus Watts ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos