-----Greg Hudson <[email protected]> wrote: ----- >Is the requires-preauth bit set on your krbtgt/MERA.NU principal?
kadmin: getprinc krbtgt/MERA.NU Principal: krbtgt/[email protected] Expiration date: [never] Last password change: [never] Password expiration date: [none] Maximum ticket life: 0 days 10:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Mon Feb 09 15:24:45 CET 2009 ([email protected]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 5 Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Key: vno 1, ArcFour with HMAC/md5, no salt Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, DES cbc mode with RSA-MD5, no salt MKey: vno 1 Attributes: REQUIRES_PRE_AUTH Policy: [none] >Also, although I don't think this is at all relevant, krenew comes >from >a different source package from MIT Kerberos, so you might test with >"kinit -R" just to remove that variable. m...@irit:~$ kinit -R kinit: KDC returned error string: NO PREAUTH while renewing credentials / Marcus ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
