[Freeipa-users] Kerberos authentication from a third party app - Shibboleth

Alexander Bokovoy abokovoy at redhat.com
Wed Mar 2 11:00:42 UTC 2016


On Wed, 02 Mar 2016, Prashant Bapat wrote:
>Thanks. But my problem is not OTP per se but Kerberos through Java.
>Specifically, I'm getting the error below.
>
>javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) - PREAUTH_FAILED
>at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
>Caused by: sun.security.krb5.KrbException: Pre-authentication information was invalid (24) - PREAUTH_FAILED
>at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:82)
>Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
>at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
>
>Any pointers?

Read the page, please. It has all the details of what you need to implement
-- most importantly, you need to implement FAST channel support.

>
>On 1 March 2016 at 21:01, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>
>> On Tue, 01 Mar 2016, Prashant Bapat wrote:
>>
>>> Hi,
>>>
>>> I'm trying to use Shibboleth IdP with FreeIPA and Kerberos Authentication.
>>> I'm aware of Ipsilon, just that Shibboleth is more suited for my use case.
>>>
>>> I've installed ipa-client on a server and connected it to ipa. Shibboleth
>>> is installed on this server and I'm able to get the Kerberos authentication
>>> working. Documented here
>>> <https://wiki.shibboleth.net/confluence/display/IDP30/KerberosAuthnConfiguration>.
>>>
>>> However, if I bring OTP into the picture, authentication fails. The error
>>> message is like "Pre-authentication information was invalid (24) - PREAUTH_FAILED".
>>>
>>> Any pointers on how to make OTP work?
>>>
>> http://www.freeipa.org/page/V4/OTP
>> http://www.freeipa.org/page/V4/OTP/Detail
>>
>> --
>> / Alexander Bokovoy
>>


-- 
/ Alexander Bokovoy



