Kerberos: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 13: | Line 13: | ||
[http://cryptnet.net/mirrors/docs/krb5api.html API Documentation] |
[http://cryptnet.net/mirrors/docs/krb5api.html API Documentation] |
||
=== bofh's Kerberos5 cheat sheet, or "what the fuck does *that* error message mean, exactly?" === |
|||
- If GSSAPI complains about "Wrong Principal in Request", make sure there's no clockskew on the machine trying to get the service ticket and the machine running the service that you are trying to get a GSS token to. This will cause this error for some insane reason, despite there being ANOTHER message for clockskew that specifically says "your clocks are off, dumbass" - it just never seems to be used in the source code anywhere (as of MIT-KRB5 1.9, at least). |
Revision as of 12:21, 16 August 2013
We use MIT Kerberos 5 for authentication. Our kerberos realm is CSCLUB.UWATERLOO.CA. KDCs run on ginseng (kdc1) and artificial-flavours (kdc2).
Password Resets
To change your own password you can run passwd on any of the club's machines.
Changing other users' passwords
- ssh ginseng
- sudo kadmin.local
- cpw username
- Enter new password and confirm
bofh's Kerberos5 cheat sheet, or "what the fuck does *that* error message mean, exactly?"
- If GSSAPI complains about "Wrong Principal in Request", make sure there's no clockskew on the machine trying to get the service ticket and the machine running the service that you are trying to get a GSS token to. This will cause this error for some insane reason, despite there being ANOTHER message for clockskew that specifically says "your clocks are off, dumbass" - it just never seems to be used in the source code anywhere (as of MIT-KRB5 1.9, at least).