[Freeipa-users] Kerberos authentication from a third party app - Shibboleth
Prashant Bapat
prashant at apigee.com
Wed Mar 2 10:55:00 UTC 2016
Thanks. But my problem is not OTP per se but Kerberos thru Java.
Specifically i'm getting below error.
javax.security.auth.login.LoginException: Pre-authentication information
was invalid (24) - PREAUTH_FAILED
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
Caused by: sun.security.krb5.KrbException: Pre-authentication information
was invalid (24) - PREAUTH_FAILED
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:82)
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match
expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
Any pointers ?
On 1 March 2016 at 21:01, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> On Tue, 01 Mar 2016, Prashant Bapat wrote:
>
>> Hi,
>>
>> I'm trying to use Shibboleth IdP with FreeIPA and Kerberos Authentication.
>> I'm aware of Ipsilon, just that Shibboleth is more suited for my use case.
>>
>> I've installed ipa-client on a server and connected it to ipa. Shibboleth
>> is installed on this server and I'm able to get the Kerberos
>> authentication
>> working. Documented here
>> <
>> https://wiki.shibboleth.net/confluence/display/IDP30/KerberosAuthnConfiguration
>> >
>> .
>>
>> However if I bring OTP into picture, authentication fails. Error message
>> is
>> like "Pre-authentication information was invalid (24) - PREAUTH_FAILED".
>>
>> Any pointers on how to make OTP work?
>>
> http://www.freeipa.org/page/V4/OTP
> http://www.freeipa.org/page/V4/OTP/Detail
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160302/f6c21064/attachment.htm>
More information about the Freeipa-users
mailing list