You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Frank Ren (JIRA)" <ji...@apache.org> on 2013/04/11 02:03:15 UTC
[jira] [Created] (DIRKRB-90) heimdal "Bad response" "during
sendauth exchange"
Frank Ren created DIRKRB-90:
-------------------------------
Summary: heimdal "Bad response" "during sendauth exchange"
Key: DIRKRB-90
URL: https://issues.apache.org/jira/browse/DIRKRB-90
Project: Directory Kerberos
Issue Type: Bug
Affects Versions: 2.0.0-M11
Environment: Ubuntu 10.04, 64bit
Reporter: Frank Ren
Assignee: Emmanuel Lecharny
I was trying to setup nfs with kerberos. Got a Bad response. I'll paste the (1) command lines, and (2) server log.
It seems that kadmin ignored the failure of the first authenticate.
Can someone help?
----
(1) command lines
root@dreadnought:/etc# kinit wang2/admin
wang2/admin@ROMEO-FOXTROT.COM's Password:
root@dreadnought:/etc# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Principal: wang2/admin@ROMEO-FOXTROT.COM
Cache version: 4
Server: krbtgt/ROMEO-FOXTROT.COM@ROMEO-FOXTROT.COM
Client: wang2/admin@ROMEO-FOXTROT.COM
Ticket etype: aes128-cts-hmac-sha1-96
Ticket length: 261
Auth time: Apr 11 07:47:47 2013
End time: Apr 11 17:47:47 2013
Ticket flags: forwardable, proxiable, initial, pre-authenticated
Addresses: addressless
root@dreadnought:/etc# kadmin
kadmin> ext_keytab -k /etc/krb5.keytab nfs/dreadnought.romeo-foxtrot.com@ROMEO-FOXTROT.COM
wang2/admin@ROMEO-FOXTROT.COM's Password:
kadmin: ext nfs/dreadnought.romeo-foxtrot.com@ROMEO-FOXTROT.COM: Bad response (during sendauth exchange)
----
(2) server log
[07:47:47] ERROR [org.apache.directory.server.KERBEROS_LOG] - No timestamp found
[07:47:47] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
[07:47:47] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional pre-authentication required (25)
[07:48:30] ERROR [org.apache.directory.server.KERBEROS_LOG] - No timestamp found
[07:48:30] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
[07:48:30] WARN [org.apache.directory.server.KERBEROS_LOG] - Additional pre-authentication required (25)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira