f



kinit: KRB5 error code 52 while getting initial credentials #2

I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials 
 
So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data 
 
According to a number of forums, some inheriant limitations exist with the Solaris 8 version of Kerberos concerning the number of group memberships a user may have.  In my Active Directory, each user is a member of possibly many groups.  To confirm this, I created a simple user with only membership to "Domain Users" and was able to run kinit without issue.
Also, I seen a number of forums reporting that the native version of Kerberos in Solaris 8 does not support TCP.  Apparently by default, once the package size of a Kerberos ticket reaches a specified max, TCP should be used.
 
I have the following Kerberos packages loaded: SUNWk5pk        kernel Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx       kernel Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu        user Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux       user Kerberos V5 gss mechanism w/auth+privacy (64-bit) 
 
Are updated packages for Kerberos available for Solaris 8 environments that can handle support for Kerberos over TCP and having a large number of group memberships?
_________________________________________________________________
Local listings, incredible imagery, and driving directions - all in one place! Find it!
http://maps.live.com/?wip=69&FORM=MGAC01
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
rfbass16 (4)
7/4/2007 5:56:56 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

1 Replies
485 Views

Similar Articles

[PageSpeed] 7

On Wed, Jul 04, 2007 at 05:56:56PM +0000, Ron Bass II wrote:
> 
> I'm getting the following error on a Solaris 8 machine: kinit: KRB5
> error code 52 while getting initial credentials 
>  
> So far my analysis shows this error to indicate the following: 0x34 -
> KRB_ERR_RESPONSE_TOO_BIG - Too much data 
>  
> According to a number of forums, some inheriant limitations exist with
> the Solaris 8 version of Kerberos concerning the number of group
> memberships a user may have.  In my Active Directory, each user is a
> member of possibly many groups.  To confirm this, I created a simple
> user with only membership to "Domain Users" and was able to run kinit
> without issue.  Also, I seen a number of forums reporting that the
> native version of Kerberos in Solaris 8 does not support TCP.
> Apparently by default, once the package size of a Kerberos ticket
> reaches a specified max, TCP should be used.

Support for TCP in Solaris Kerberos was introduced in Solaris 10.

> I have the following Kerberos packages loaded: SUNWk5pk        kernel
> Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx       kernel
> Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu        user
> Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux       user
> Kerberos V5 gss mechanism w/auth+privacy (64-bit) 
>  
> Are updated packages for Kerberos available for Solaris 8 environments
> that can handle support for Kerberos over TCP and having a large
> number of group memberships?

There are no Solaris 8 packages to provide Kerberos over TCP at this
point.  If you have a customer service agreement you can make a request
through your Sun service rep. for TCP/Kerberos support in Solaris 8.
There is no guarantee that Sun will do this as there are costs to doing
this and this support is available in Solaris 10.  In fact Solaris 10
has a number of Kerberos improvements that make interop with a MS AD
easier.

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
0
7/9/2007 8:43:48 PM
Reply:

Similar Artilces:

RE: kinit: KRB5 error code 52 while getting initial credentials #2
Any chance the Kerberos libs from Solaris 10 can port back to Solaris 8? So= me limitations have arisen such that an upgrade to Solaris 10 is not possi= ble yet. Is there any way to patch the Solaris 8 Kerberos??? =20 Thanks Ron > Date: Wed, 11 Jul 2007 11:42:49 -0500> From: William.Fiveash@sun.com> To:= rfbass16@hotmail.com> CC: William.Fiveash@sun.com; kerberos@mit.edu> Subje= ct: Re: kinit: KRB5 error code 52 while getting initial credentials> > On W= ed, Jul 11, 2007 at 01:10:19AM +0000, Ron Bass II wrote:> > > > Thanks for = the update Will. I'll look into Solaris 10...> > Note that there have been = a number of updates (some security related)> released for Solaris 10 so mak= e sure you get the latest bits.> > -- > Will Fiveash> Sun Microsystems Inc.= > Austin, TX, USA (TZ=3DCST6CDT) _________________________________________________________________ Local listings, incredible imagery, and driving directions - all in one pla= ce! Find it! http://maps.live.com/?wip=3D69&FORM=3DMGAC01= ...

error : kinit(v5) : KRB5 error code 52 while getting initial credentials
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com). since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy) [domain_realm] xx.com = XX.COM ..xx.com = XX.COM co.yy = XX.COM ..co.yy = XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped it to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this error.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version. Thanks in advance Sunil C Sunil Chandrasekharan wrote: > Hello all, > i am Sunil C. i have a domain named...

KRB5 error code 52 while getting initial credentials #2
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it.=20 users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com) since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy)=20 [domain_realm] xx.com =3D XX.COM ..xx.com =3D XX.COM co.yy =3D XX.COM ..co.yy =3D XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped i= t to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this erro.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version= .. Thanks Sunil C ---------------------------- In article , sunilcnair wrote: > This is Su...

kinit: KRB5 error code 52 while getting initial credentials
I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error c= ode 52 while getting initial credentials=20 =20 So far my analysis shows this error to indicate the following: 0x34 - KRB_E= RR_RESPONSE_TOO_BIG - Too much data=20 =20 According to a number of forums, some inheriant limitations exist with the = Solaris 8 version of Kerberos concerning the number of group memberships a = user may have. In my Active Directory, each user is a member of possibly m= any groups. To confirm this, I created a simple user with only membership = to "Domain Users" and was able to run kinit without issue. Also, I seen a number of forums reporting that the native version of Kerber= os in Solaris 8 does not support TCP. Apparently by default, once the pack= age size of a Kerberos ticket reaches a specified max, TCP should be used. =20 I have the following Kerberos packages loaded: SUNWk5pk kernel Kerbe= ros V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel Kerberos V5 p= lug-in w/auth+privacy (64-bit) SUNWk5pu user Kerberos V5 gss mechani= sm w/auth+privacy (32-bit) SUNWk5pux user Kerberos V5 gss mechanism w= /auth+privacy (64-bit)=20 =20 Are updated packages for Kerberos available for Solaris 8 environments that= can handle support for Kerberos over TCP and having a large number of grou= p memberships? _________________________________________________________________ Local listings, incredible imagery, and driving directions - all in...

RE: kinit: KRB5 error code 52 while getting initial credentials
Thanks for the update Will. I'll look into Solaris 10...> Date: Mon, 9 Jul= 2007 15:43:48 -0500> From: William.Fiveash@sun.com> To: rfbass16@hotmail.c= om> CC: kerberos@mit.edu> Subject: Re: kinit: KRB5 error code 52 while gett= ing initial credentials> > On Wed, Jul 04, 2007 at 05:56:56PM +0000, Ron Ba= ss II wrote:> > > > I'm getting the following error on a Solaris 8 machine:= kinit: KRB5> > error code 52 while getting initial credentials > > > > So = far my analysis shows this error to indicate the following: 0x34 -> > KRB_E= RR_RESPONSE_TOO_BIG - Too much data > > > > According to a number of forums= , some inheriant limitations exist with> > the Solaris 8 version of Kerbero= s concerning the number of group> > memberships a user may have. In my Acti= ve Directory, each user is a> > member of possibly many groups. To confirm = this, I created a simple> > user with only membership to "Domain Users" and= was able to run kinit> > without issue. Also, I seen a number of forums re= porting that the> > native version of Kerberos in Solaris 8 does not suppor= t TCP.> > Apparently by default, once the package size of a Kerberos ticket= > > reaches a specified max, TCP should be used.> > Support for TCP in Sola= ris Kerberos was introduced in Solaris 10.> > > I have the following Kerber= os packages loaded: SUNWk5pk kernel> ...

KRB5 error code 52 while getting initial credentials
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com) since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy) [domain_realm] xx.com = XX.COM ..xx.com = XX.COM co.yy = XX.COM ..co.yy = XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped it to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this erro.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version. Thanks Sunil C ---------------------------- In article <mailman.115.1197917539.11331.kerberos@mit.edu>,...

kinit(v5): KRB5 error code 68 while getting initial credentials
I have a huge Problem. Im trying to install a SSO for our Intranet-Webserver (Apache 2.0.55) on a SuSE Linux 10.0. Ist running very fine. But we have some Computers, which are NOT Part of the Active Directory Domain, so there the sso doesnt work. If the paste their Usernames into the Auth-Box (firstname.lastname@persona.de) it doesnt work. But the Useraccount exists in the AD. If they paste the real username (e.g. firstname.lastname@KONZERN.INTERN) it works fine. The problem: The user dont Know his real AD-Name. He knows just hier emailadress (firstname.lastname@persona.de) Anyone a solution? My krb5.conf "[libdefaults] default_realm = KONZERN.INTERN clockskew = 300 [realms] KONZERN.INTERN = { kdc = w2kroot.konzern.intern default_domain = konzern.intern admin_server = w2kroot } persona.de = { kdc = w2kroot.konzern.intern default_domain = konzern.intern admin_server = w2kroot } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .konzern.intern = KONZERN.INTERN [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 ...

kinit: Key table entry not found while getting initial credentials #2
Hello newsgroup, We followed the instructions on http://grolmsnet.de/kerbtut/ kinit -k -t /etc/apache2/httpotrskeytab OTRS/ server.test.local@TEST.LOCAL produces the following error: kinit: Key table entry not found while getting initial credentials we are using mit kerberos 1.9.1 on sles10 we created the keytabfile on windows 2008 r2 server with the following command: ktpass -princ OTRS/server.test.local@TEST.LOCAL -mapuser httpotrs@TEST.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass secretpassword -out c:\temp\httpotrskeytab we copied the file to the linux server to /etc/apache2 directory manual ticket creation works fine: server:/ # kinit OTRS/server.test.local Password for OTRS/server.test.local@TEST.LOCAL: server:/ # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: OTRS/server.test.local@TEST.LOCAL Valid starting Expires Service principal 06/07/11 13:40:15 06/07/11 23:40:15 krbtgt/TEST.LOCAL@TEST.LOCAL renew until 06/08/11 13:40:15 server:/ # kvno OTRS/server.test.local@TEST.LOCAL OTRS/server.test.local@TEST.LOCAL: kvno =3D 11 any ideas what went wrong with our installation? G=FCnter g� <guenter.huerkamp@gmail.com> writes: > Hello newsgroup, > > We followed the instructions on http://grolmsnet.de/kerbtut/ > > > kinit -k -t /etc/apache2/httpotrskeytab OTRS/ > server.test.local@TEST.LOCAL > produces the following error: > kinit: Key table entry not found while getting initial credenti...

kerberos and Windows 2008R2
Hello Kerberos List, I'm trying to set a Kerberos ticket between a Unix and a Windows 2008 R2 se= rver. I've created a user on windows and used the ktpass to generate the Kerberos= keytab: C:\Windows\System32\ktpass princ host/jc1lqaldap.testdomain.com@TESTDOMAIN.= COM mapuser TESTDOMAIN\host_jc1lqaldap -crypto DES-CBC-MD5 -pass * -ptype K= RB5_NT_PRINCIPAL out c:\nis_data\host_jc1lqaldap.keytab I did make sure that "User Kerberos DES encryption types for this account" = was checked. First I was getting: root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host= /jc1lqaldap.testdomain.com kinit: KDC has no support for encryption type while getting initial credent= ials So I've checked "Do not require Kerberos preauthentication" and I get: root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host= /jc1lqaldap.testdomain.com kinit: Key table entry not found while getting initial credentials Where should that key table entry be located ? I cannot go forward with this. Is there a way to get more verbose logging s= o I can troubleshoot this. Klist root@jc1lqaldap:/etc# klist -ke -t /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- ----------------------------------------------------= ---- 12 12/31/69 19:00:00 host/jc1lqaldap.testdomain.com@TESTDOMAIN.COM (DES c= bc mode with RSA-MD5) Cat /etc/krb5.conf [logging] default =3D FILE...

permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error (see e-text) while getting initial credentials'
I have this in my Suse 11.3 /etc/krb.conf for libdefaults: allow_weak_crypto = true # permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96" permitted_enctypes = "des-cbc-crc" Now if I try to kinit I get this error: kinit kinit: Generic error (see e-text) while getting initial credentials Why? Wendy ...

KRB5 error code 52
Kerberos experts, I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try they fail the login with the "KRB5 error code 52" error. I read that this has something to do with UDP packet size and to try TCP. Is there a way in SEAM to have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was hoping there was a configuration parameter in krb5.conf. thanks, Tyson Oswald ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Tyson, I assume you use a Windows kdc and experience the pac field problem. There is now a patch for w2k and w2k3 to stop the creation of the pac field, which might help. Regards Markus "Tyson Oswald" <oswaldt@ameritech.net> wrote in message news:20041005182618.82769.qmail@web81508.mail.yahoo.com... > Kerberos experts, > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When > others try they fail the login with the "KRB5 error code 52" error. I > read that this has something to do with UDP packet size and to try TCP. > Is there a way in SEAM to have it use TCP rather then UDP, or to try UDP > then TCP is that fails? I was hoping there was a configuration parameter > in krb5.conf. > > thanks, > Tyson Oswald > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https...

Re: KRB5 error code 52
SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP Hooshang > Kerberos experts, > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try > they fail the login with the "KRB5 error code 52" error. I read that this has > something to do with UDP packet size and to try TCP. Is there a way in SEAM to > have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was > hoping there was a configuration parameter in krb5.conf. > > thanks, > Tyson Oswald > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos So what is the MaxTokenSize in SEAM, I just got a formula from MS on what they use for 2003. Also we don't have this issue in SEAM for Solaris 8 so what's different? thanks, Tyson Oswald h.dadgari@comcast.net wrote in message news:<100520041836.10730.4162E9A70001ACE5000029EA2200750784079D0E090B0E0BD208@comcast.net>... > SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP > > Hooshang > > > > Kerberos experts, > > > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try > > they fail the login with the ...

Getting an error: Attempted to access u(2); index out of bounds because numel(u)=1. Error in ==> treat at 31 if (u(2)>1000) #2
HI, I am using an ode function having three differntial equations in u(1), u(2), (3) using function f=treat(t, u), Now when i use if function as if (u(2)>1000) c=1; else (u(1)<=100) c=0; end i am getting the following error Attempted to access u(2); index out of bounds because numel(u)=1. Error in ==> treat at 31 if (u(2)>1000) Please tell me. thanks "gati " <gatimishrano@yahoo.com> wrote in message news:kfdpbl$ke1$1@newscl01ah.mathworks.com... > HI, I am using an ode function having three differntial equations in u(1), > u(2), (3) using function f=treat(t, u), Now when i use if function as if > (u(2)>1000) c=1; else (u(1)<=100) c=0; end i am getting the following > error Attempted to access u(2); index out of bounds because numel(u)=1. > Error in ==> treat at 31 if (u(2)>1000) Please tell me. thanks My guess is that the initial condition vector you passed into the ODE solver has only 1 element. If you've got three ODEs in three variables, you need a 3-element initial condition vector. -- Steve Lord slord@mathworks.com To contact Technical Support use the Contact Us link on http://www.mathworks.com ...

Kerberos error: Unknown code krb5 195
Hello group! I am new to this group and topic. I have been using pine as my primary email client for long, and never noticed the role of kerberos in the play. Until recently, on a newly installed Redhat EL5 server, when I open pine configured to connect to our Exchange 2007 server, I got: Kerberos error: Unknown code krb5 195 (try running kinit) for some.emailserver.edu I then did kinit >kinit >kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials What does this tell me and how do I shoot this problem? Thanks, Jindan Jindan Zhou <jindan@gmail.com> writes: > I then did kinit >>kinit >>kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials > What does this tell me and how do I shoot this problem? Usually it means you either don't have an /etc/krb5.conf file or it's incorrect or doesn't include your realm information. It can mean various other things too (DNS problems, for instance), but krb5.conf is the first place to look. -- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/> On Nov 5, 4:44 am, Russ Allbery <r...@stanford.edu> wrote: > Jindan Zhou <jin...@gmail.com> writes: > > I then did kinit > >>kinit > >>kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials > > What does this tell me and how do I sho...

Kerberos error 52 (0x34) when using kinit
Hello All, I'm getting the above error when I try to get the initial ticket using kinit. The KDC is Windows 2003 and the client is running on linux. My understanding of kerberos and the KDC in particular is that if the KDC can't send the response back via UDP it will switch over to TCP. My question is this: Does the client need to programmactically take an action if it recieves this error or will this be taken care of "under the hood"? Also the client side (linux), is there a way to force the communication to occur using TCP? TIA, Bruce E. Wells ------------------------------------------------------------------------ ------------------------- ------------------------- CONFIDENTIALITY AND SECURITY NOTICE This e-mail contains information that may be confidential and proprietary. It is to be read and used solely by the intended recipient(s). Citadel and its affiliates retain all proprietary rights they may have in the information. If you are not an intended recipient, please notify us immediately either by reply e-mail or by telephone at 312-395-2100 and delete this e-mail (including any attachments hereto) immediately without reading, disseminating, distributing or copying. We cannot give any assurances that this e-mail and any attachments are free of viruses and other harmful code. Citadel reserves the right to monitor, intercept and block all communications involving its computer systems. _______________________________________...

kinit: Preauthentication failed while getting initial credentials
Hola, estoy intentando conectarme desde Ubuntu (Kerberos) a un drectorio activo (Windows 2008) , pero tengo problemas. Datos Tecnicos: Dominio: NAME1.NAME2.COM Mi krb5.conf default =3D FILE:/var/log/krb5lib.log [libdefaults] ticket_lifetime =3D 24000 default_realm =3D NAME1.NAME2.COM [realms] NAME1.NAME2.COM =3D { kdc =3D dcwindows admin_server =3D dcwindows default_domain =3D NAME1.NAME2.COM } [domain_realm] ..name1.name2.com =3D NAME1.NAME2.COM name1.name2.com =3D NAME1.NAME2.COM Cuando intento hacer: kinit -V Administrador@NAME1.NAME2.COM e ingreso la contrase=F1a correctamente me arroja: kinit: Preauthentication failed while getting initial credentials Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente desde otro CD, no se si el problema es el Windows o la configuracion del Kerberos. Saludos. 2011/5/19 JODACAME <jodacame@gmail.com>: > Cuando intento hacer: > kinit -V Administrador@NAME1.NAME2.COM > e ingreso la contraseña correctamente me arroja: > > kinit: Preauthentication failed while getting initial credentials > > > Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente > desde otro CD, no se si el problema es el Windows o la configuracion > del Kerberos. Acaso re-instalaste y _re-creaste_ el dominio de Active Directory? Podés re-instalar, pero tenés que recuperar los datos del dominio de tus backups. Nico -- Hello. Are you sure that the admin user isn't called administ...

RE: Kerberos error 52 (0x34) when using kinit
Hello Douglas, Thanx for the response. I'll get the latest version from MIT and try again. Regards, Bruce. -----Original Message----- From: Douglas E. Engert [mailto:deengert@anl.gov] Sent: Friday, December 10, 2004 8:57 AM To: Wells, Bruce Cc: kerberos@mit.edu Subject: Re: Kerberos error 52 (0x34) when using kinit Wells, Bruce wrote: > Hello All, > I'm getting the above error when I try to get the initial ticket using > kinit. The KDC is Windows 2003 and the client is running on linux. My > understanding of kerberos and the KDC in particular is that if the KDC > can't send the response back via UDP it will switch over to TCP. My > question is this: Does the client need to programmactically take an > action if it recieves this error or will this be taken care of "under > the hood"? Also the client side (linux), is there a way to force the > communication to occur using TCP? Depends on the release of the Kerberos. MIT 1.2.x did not support TCP, 1.3.x does. Its a recent addition to Java as well. Theylibs wil switch as needed. The krb5.conf [libdefaults] udp_preference_limit = nnn can be used to tell the client to use TCP if the message is over nnn bytes. Setting to 1 in effect says try TCP first. The problem is the ticket is large due to the PAC being included from AD. (IIRC) W2003 servers have a lower cut over size then W2000 servers. > > TIA, > Bruce E. Wells > > -----------------------------...

Error: An error occurred while shelling out to mbuild (error code = 1). #2
uilding COM object... mcc -M -silentsetup -d 'D:/matlab2006/work/testww//src' -B 'ccom:testww,testwwclass,1.0' -g -S 'D:/matlab2006/work/testww.m' mwcomtypes.idl oaidl.idl objidl.idl unknwn.idl wtypes.idl ocidl.idl oleidl.idl servprov.idl urlmon.idl msxml.idl testww_idl.idl oaidl.idl objidl.idl unknwn.idl wtypes.idl ocidl.idl oleidl.idl servprov.idl urlmon.idl msxml.idl mwcomtypes.idl 'rc' &#19981;&#26159;&#20869;&#37096;&#25110;&#22806;&#37096;&#21629;&#2019 6;&#65292;&#20063;&#19981;&#26159;&#21487;&#...

kinit: Key table entry not found while getting initial credentials
Hi Kerberos experts, could anyone help me in addressing this issue since I am a T-O-T-A-L newbie in Kerberos. I have to retrieve kerberos credential in Solaris 5.8 (SEAM 1.0.1) using a windows2003 Active Directory as KDC, and I am compelled to use the credential of a user different from Solaris' user. Let's say I work with user appadm on Solaris and user domuser@resource.corp in AD. AD administrator generated a keytab for my Solaris user in this way: Ktpass -princ kerberos/domuser.resource.corp@RESOURCE.CORP -mapuser domuser -pass [passwd of domuser] -out domuser.keytab and gave me the domuser.keytab file. I configured krb5.conf and stored the content of this keytab file in /etc/krb5/krb5.keytab via ktutil: ktutil: rkt domuser.keytab ktutil: l slot KVNO Principal ---- ---- -------------------------------------------------------------------------- 1 4 kerberos/domuser.resource.corp@RESOURCE.CORP ktutil: wkt /etc/krb5/krb5.keytab ktutil: q Now I think my krb5.conf is correct since I am able to get a TGT via kinit in this way: kinit kerberos/domuser.resource.corp@RESOURCE.CORP then I enter domuser's password and with klist I can see the TGT. But I need to obtain the credentials without entering a password since the kinit command has to be put in the startup script of an application. So I tried this: appadm 99% kinit -k kerberos/domuser.resource.corp@RESOURCE.CORP kinit: Key table entry not found while getting initial credentials :-S ...nothing us...

kinit: Cannot contact any KDC for requested realm while getting initial credentials
Hi, I am having problems with using kinit, with keytab and username/password. When issuing the kinit command I get the following error: kinit: Cannot contact any KDC for requested realm while getting initial credentials There is a firewall between the webservers where I issue the command from and the domain controller. The webservers are able to connect to the domain controller on port 88 over UDP. The webservers are able to resolve themselves and the domain controller, both forward and reverse lookup. Do any of you guys out there have an idea of what is going wrong? Many thanks, Celia ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

newbie: error getting credentials: Server not found in Kerberos database
Hi! I never found the time to deal intensively with kerberos so please indulge me if this is ought to be a stupid question: kinit works. krsh does not: krsh server error getting credentials: Server not found in Kerberos database trying normal rlogin (/usr/bin/rlogin) So, this is what I did so far: server: /etc/krb5.conf: [libdefaults] default_realm = LOCALDOMAIN [realms] LOCALDOMAIN = { kdc = server.localdomain:88 admin_server = server.localdomain:750 } [domain_realm] .localdomain = LOCALDOMAIN localdomain = LOCALDOMAIN [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log /etc/hosts: 127.0.0.1 localhost 192.168.0.2 server server.localdomain real hostname is actually *not* "server"! kadmin.local: addprinc foo client: /etc/krb5.conf [libdefaults] ticket_lifetime = 600 default_realm = LOCALDOMAIN default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc [realms] LOCALDOMAIN = { kdc = server.localdomain:88 admin_server = server.localdomain:750 } [domain_realm] .localdomain = LOCALDOMAIN localdomain = LOCALDOMAIN [kdc] profile = /etc/krb5kdc/kdc.conf [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FI...

2.52: compiling error #2
(resend to mailing list) Hi (sorry my english is bad) I'm trying to build wxWidgets 2.52 with mingw (win XP system)... but these are errors : E:\Comp\wxWindows>make.exe SHARED=1 g++ -shared -o lib/wxmsw252_adv_gcc_www.dll advdll_calctrl.o advdll_grid.o advdl l_gridctrl.o advdll_gridsel.o advdll_helpext.o advdll_laywin.o advdll_sashwin.o advdll_splash.o advdll_tipdlg.o advdll_wizard.o advdll_taskbarcmn.o advdll_sound o advdll_taskbar.o dvdll_joystick.o -mthreads -pg -Llib -Wl,--out-implib, lib/libwx_msw_adv-2.5.dll.a -lwxtiff -lwxjpeg -lwxpng -lwxzlib -lwx...

Error: Windows SDK function returned an error. (Error code -12) #2
I get this error "Error: Windows SDK function returned an error. (Error code -12) The system cannot find the path specified." when I build an installer of my program in Labview. It is looking for a file but it is asking for&nbsp;the Measurement Studio CD. this is the message before the error. &nbsp; Copying products from distributionsCopying distribution 'NI Measurement Studio 8.1.2 for Visual Studio 2005' from: D:\VS2005\ to: C:\Program Files\National Instruments\Shared\ProductCache\ &nbsp; Please help. &nbsp; --Gio sentinel95, greetings! Did you bypass thi...

kadmin: GSS-API (or Kerberos) error while initializing kadmin interface #2
Hi, Can somebody tell me why I can't use kadmin remotely? I can start kadmin on the kdc server by using "kadmin -O". But when I tried to use /usr/kerberos/sbin/kadmin from a client machine to visit the kerberos database, the error as the email title occured. [root@gcnode029 sbin]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin/admin@test.com Valid starting Expires Service principal 07/20/06 17:54:02 07/21/06 17:54:00 krbtgt/test.com@test.com Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@gcnode029 sbin]# kadmin admin/admin Authenticating as principal <mailto:admin/admin@test.com> admin/admin@test.com with password. Password for <mailto:admin/admin@test.com> admin/admin@test.com: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface Thank you for any help! -- LiZhong ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Web resources about - kinit: KRB5 error code 52 while getting initial credentials #2 - comp.protocols.kerberos

Credential Recordings - Wikipedia, the free encyclopedia
Credential Recordings is a Nashville-based record label , focusing generally on the pop rock genre. It began branching out when it agreed on ...

GraphicMail, Janrain Engage Enable Email Newsletter Signup Via Facebook Credentials
... Janrain Engage to its clients’ customizable newsletter signup forms, allowing them to sign in with their Facebook account information, or credentials ...

Discussion of credentials of Maajid Nawaz - Quilliam - YouTube
Glenn Beck discusses the background of Quilliam Chairman Maajid Nawaz on Fox News - The Daily Beck.

Christos Kyrgios has ATP credentials revoked, forced to buy ticket to watch his brother Nick Kyrgios ...
Christos Kyrgios has had his ATP credentials revoked, denied entry to watch his brother Nick in his first round match at the Cincinnati Masters ...

John I Dent Cup: Wests show premiership credentials with entertaining 40-31 win against Royals
Wests showed they can't be discounted as a John I Dent Cup premiership threat on Saturday.

Facebook attacked with credential-harvesting malware - MediaFire, applications, Data Protection - Social ...
Dorkbot variant infection unusual because the criminals exploited a flaw in the file-sharing site MediaFire to spread the malware

Boland pushes Test credentials with five-for
SCOTT Boland rammed home his Test credentials with a five-wicket haul as Victoria put the markers down for a run away Sheffield Shield lead against ...

Obama mocks Romney military credentials
Sky News is Australia's leader in 24-hour news. Barack Obama has aimed to belittle rival Mitt Romney's commander-in-chief credentials, accusing ...

Newly discovered Mac malware tarnishes Apple's security credentials
Apple prides itself on producing more secure gadgets than rivals, but these latest bugs may have iFans worried.

Top AFL draft prospect Christian Petracca proves his midfield credentials
You might already know Christian Petracca. If you like football, like coffee and like to grab one inside the MCG then there's a very good chance ...

Resources last updated: 3/10/2016 10:06:11 PM