[Freeipa-users] Generic preauthentication failure while getting initial credentials using kinit -k -t
Brian J. Murrell
brian at interlinx.bc.ca
Wed Sep 23 23:35:23 UTC 2015
I've put a kerberos principle into a keytab:
# klist -k asterisk.keytab
Keytab name: FILE:asterisk.keytab
KVNO Principal
---- --------------------------------------------------------------------------
8 asterisk at EXAMPLE.COM
using:
# ipa-getkeytab -s server.example.com -p asterisk -k /tmp/asterisk-krb5.keytab -e aes256-cts
But when I try to use that keytab I get an error:
# kinit -k -t /etc/asterisk/asterisk.keytab imap/linux.example.com at EXAMPLE.COM
kinit: Generic preauthentication failure while getting initial credentials
On the server I get the following error:
Sep 23 19:30:39 server.example.com krb5kdc[28970](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) xxxxxx: NEEDED_PREAUTH: imap/linux.example.com at EXAMPLE.COM for krbtgt/EXAMPLE.COM at EXAMPLE.COM, Additional pre-authentication required
Any idea what is going on here?
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150923/0267ac5d/attachment.sig>
More information about the Freeipa-users
mailing list