[30253] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: pamkrbval: KDC policy rejects request for this entry

daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Aug 27 15:49:29 2008

To: "Richard Curtis" <ricurtis@gmail.com>
From: Tom Yu <tlyu@mit.edu>
Date: Wed, 27 Aug 2008 15:49:10 -0400
In-Reply-To: <5745a7060808261135s26134f5bg495452c33920af1f@mail.gmail.com>
	(Richard Curtis's message of "Tue, 26 Aug 2008 19:35:55 +0100")
Message-ID: <ldvr68aw85l.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

"Richard Curtis" <ricurtis@gmail.com> writes:

> Hi,
>   I am trying to get an HPUX 11i box to authenticate against our
> active directory (Windows 2003r2) domain with kerberos but I am
> getting nowhere fast.
>
> As per the docs I have, I have created a user account in active
> directory, then used "ktpass -princ
> host/unix_client.domain.host.com@DOMAIN.HOST.COM -mapuser unix_lient
> -pass <pass> -out c:\krb5.keytab"
> The keytab looks fine when I used ktutil, but I cannot do a kinit... I
> keep getting "KDC policy rejects request for this entry"

It may be that the AD server is forbidding the use of the
"host/unix_client.domain.host.com" principal as a client principal.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30253] in Kerberos

Re: pamkrbval: KDC policy rejects request for this entry

daemon@ATHENA.MIT.EDU (Tom Yu)Wed Aug 27 15:49:29 2008

daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Aug 27 15:49:29 2008