[Freeipa-users] Needed_Preauth Issue
David Christensen
david at adurotec.com
Tue Mar 9 00:15:05 UTC 2010
I have two servers that I have installed the ipa-client on, both of
these servers are configured the same way however one is providing
single sign on, the other is not and instead prompts for a password when
a user logs in
I did verify that DNS is configured correctly for both servers. I issue
kinit prior to logging into either server and verified that I have a
valid ticket for both servers, but the failing server remains unchanged.
When I look at the krb5kdc.log I see the following for the server that
is prompting for a password:
Mar 08 23:25:53 ipa1.example.net krb5kdc[12320](info): AS_REQ (12 etypes
{18 17 16 23 1 3 2 11 10 15 12 13}) 10.200.3.131: NEEDED_PREAUTH:
davidc at EXAMPLE.NET for krbtgt/EXAMPLE.NET at EXAMPLE.NET, Additional
pre-authentication required
Mar 08 23:25:53 ipa1.example.net krb5kdc[12320](info): AS_REQ (12 etypes
{18 17 16 23 1 3 2 11 10 15 12 13}) 10.200.3.131: ISSUE: authtime
1268090753, etypes {rep=18 tkt=18 ses=18}, davidc at EXAMPLE.NET for
krbtgt/EXAMPLE.NET at EXAMPLE.NET
Where else should I look to find the root cause of this issue? What
typically causes this type of symptom?
Thanks in advance.
--
David Christensen
More information about the Freeipa-users
mailing list