On Wed, Feb 22, 2012 at 08:41:15PM +0100, Tiago Elvas wrote:
> Thanks for the tip.
>
> I know have the following error:
>
> Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23
> 16 17}) 172.23.14.210: NEEDED_PREAUTH: [email protected] for
> krbtgt/[email protected], Additional pre-authentication required
> Feb 22 20:39:37 ldapserver krb5kdc[10211](info): preauth (timestamp) verify
> failure: Decrypt integrity check failed
> Feb 22 20:39:37 ldapserver krb5kdc[10211](info): AS_REQ (5 etypes {3 1 23
> 16 17}) 172.23.14.210: PREAUTH_FAILED: [email protected] for
> krbtgt/[email protected], Decrypt integrity check failed
>
> Any clue on what's failing?
"Decrypt integrity check failed" almost always means "the password given to
`kinit` was incorrect".
> Another question, how should I configure openDS access control to accept
> GSSAPI with kerberos tickets?
I believe this is already documented at
<https://www.opends.org/wiki/page/GSSAPIConfiguration>.
--
Mantas M.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
