[21072] in Athena Bugs
Re: Login puzzle
daemon@ATHENA.MIT.EDU (Derek Atkins)
Thu Nov 14 13:58:13 2002
To: Tom Cavin <cavin@mit.edu>
Cc: SIPB Linux Help <linux-help@mit.edu>, Athena Bugs list <bugs@mit.edu>
From: Derek Atkins <warlord@MIT.EDU>
Date: 14 Nov 2002 13:52:58 -0500
In-Reply-To: <15827.60819.86320.334283@lap1-wccf.mit.edu>
Message-ID: <sjm3cq4htkl.fsf@kikki.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
The problem is that the KDC thinks you have a srvtab but your host
does not. You need to get a new keytab/srvtab.
Tom Cavin <cavin@MIT.EDU> writes:
> My Questions:
>
> 1. What tools can I use to get the srvtab/keytab versions so I can
> compare local files with the corresponding versions on the KDC?
Email accounts...
> 2. What happens in normal login process for a normal user that isn't
> happening here?
Once xlogin obtains a TGT for the user, it attempts to acquire a
host/<HOSTNAME> ticket from the KDC. If that succeeds it attempts
to krb_rd_req to ReaD the REQuest to make sure you're not being
spoofed by the KDC.
> 3. What does the error message from krb_rd_req mean? And more
> generally, where can I find documentation on these errors?
This means that the rd_req is failing (because your srvtab/keytab
does not match the entry in the KDC).
> 4. Is there a way to get the system to tell me what's different or
> missing?
Just get a new srvtab/keytab.
> Thanks,
>
> --Tom
>
> P.S. The expected recovery procedure is to get a new srvtab from accounts
> and then reinstall the system. I would like to know what happened so I can
> either repair it or recognize it and tell people not to do it. --tec
You dont (necessarily) need to re-install -- you just need a new
srvtab/keytab.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
