[Freeipa-users] User keytab file

Daniel Scott djscott at mit.edu
Tue May 12 16:07:50 UTC 2009


Hi,

I have a FreeIPA server configured and working. I'm now trying to
automate a few processes and have a question regarding user keytabs.
I'm looking to enable passwordless authentication/login for a
particular user.

I have followed the instructions found here:
http://kb.iu.edu/data/aumh.html

From the above page, it appears that I can do this using a user
keytab. I have created a user named 'backup' and given it a good, long
password. I then created a user keytab file using the following
command:

# ktutil
ktutil: addent -password -p backup -k 1 -e des-cbc-crc
ktutil: addent -password -p backup -k 2 -e des3-cbc-sha1
ktutil: wkt /etc/backup.keytab

I can display the contents of this keytab and it appears to have been
created successfully. Then, I should be able to authenticate using the
following command, correct?

# kinit backup -k -t /etc/backup.keytab
kinit(v5): Key table entry not found while getting initial credentials

The server logs show the following:

May 12 11:54:34 example.com krb5kdc[12175](info): AS_REQ (7 etypes {18
17 16 23 1 3 2}) 192.168.1.50: NEEDED_PREAUTH: backup@EXAMPLE.COM for
krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required

I have tried numerous combinations of the username in the kinit
command, but I cannot obtain a ticket. Does anyone have any
suggestions? Am I approaching this in the wrong way? Am I using the
wrong hashing algorithm?

A little more background information:
1. The backup.keytab has permissions 600 and is owned by backup.
2. I have also tried this as root.

Thanks,

Dan Scott
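
An added example, not part of the original post: a minimal reader for the version 0x0502 keytab file format that lists each entry's principal, kvno and enctype, and reports which enctypes named in the AS_REQ log line above have no entry in the keytab. The sample keytab is constructed with dummy key bytes to mirror the ktutil session; `sample_entry`, `etypes_not_in_keytab`, `SAMPLE` and `LOG` are names chosen for this example.

```python
import re
import struct

def _counted(buf, pos):  # 16-bit length-prefixed string -> (bytes, next position)
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] for a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)  # pos now at the next record
        if size <= 0:                              # negative size: deleted slot
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = _counted(data, start + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        p += 8                                     # skip name type and timestamp
        kvno, etype, klen = struct.unpack_from(">BHH", data, p)
        p += 5 + klen
        if pos - p >= 4:                           # optional 32-bit kvno field
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
    return entries

def etypes_not_in_keytab(log_line, entries):
    """Enctypes in a krb5kdc AS_REQ log line that the keytab holds no key for."""
    m = re.search(r"etypes \{([\d\s]+)\}", log_line)
    have = {etype for _, _, etype in entries}
    return [int(x) for x in m.group(1).split() if int(x) not in have] if m else []

def sample_entry(name, realm, kvno, etype, key):  # builds a record for the sample
    body = struct.pack(">HH", 1, len(realm)) + realm + struct.pack(">H", len(name)) + name
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample mirroring the ktutil session above (dummy key bytes).
SAMPLE = (b"\x05\x02" + sample_entry(b"backup", b"EXAMPLE.COM", 1, 1, b"\0" * 8)
          + sample_entry(b"backup", b"EXAMPLE.COM", 2, 16, b"\0" * 24))
LOG = "AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.50: NEEDED_PREAUTH"

if __name__ == "__main__":
    print(parse_keytab(SAMPLE), etypes_not_in_keytab(LOG, parse_keytab(SAMPLE)))
```

Enctype numbers 1 and 16 are des-cbc-crc and des3-cbc-sha1, the two types passed to `addent` above.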



