On Feb 17, 2008 10:10 PM, wrote:
> Hello,
>
> I am receiving a "kint(v5): Password incorrect while getting initial
> credentials" error after entering a password in response to a prompt
> following a kinit command (kinit user/my.domain@MY.REALM). I know
> that I am entering the correct password. The database seems to be
> fine; I can get a ticket as root through:
> kinit -k -t /etc/krb5.keytab user/my.domain@MY.REALM
>
> I am wondering if this could have anything to do with a
> preauthentication requirement. My KDC.conf has a default principal
> flag of +preauth.
>
> Does this flag require any preliminary steps to authenticate before
> (or during) kinit?
>
> May there be anything else that I am missing?
>
> Thanks a lot.
>


If 'user/my.domain@MY.REALM' is the same in both cases, the reason you
can't authenticate with a password is because you created the keytab.
The act of creating a keytab causes a new random key to be generated
and placed in the Kerberos database and into the keytab. There is no
password associated with that key and you will only be able to
authenticate as that principal using the keytab.

If you want to authenticate with a password, do a "cpw" in kadmin for
the principal (and do not do a "ktadd").