1. Forum
  2. Usenet
  3. COMP.PROTOCOLS.KERBEROS

  • "Socket type not supported" with OTP

    From BuzzSaw Code@21:1/5 to All on Mon Jan 9 23:15:43 2023
    I've setup some new RHEL8 KDCs that will use the otp feature - I have
    this working on RHEL7 without issues.

    But on the RHEL8 hosts I'm getting "preauth (otp) verify failure:
    Socket type not supported" errors.

    Each KDC has a local radius server listening on the IPv6 loopback, so
    the kdc.conf has this for the otp config:

    [otp]
    DEFAULT = {
    server = localhost6:1812
    secret = mysecret
    strip_realm = true
    }

    Is there a way to debug the KDC process further to see why it doesn't
    like that loopback without building a custom debug kdc ?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From BuzzSaw Code@21:1/5 to buzzsaw.code@gmail.com on Wed Jan 11 12:25:51 2023
    Looks like I get to answer my own question, FIPS mode breaks the
    normal OTP setup in RHEL8:

    https://bugzilla.redhat.com/show_bug.cgi?id=1872689

    Bleah.

    On Mon, Jan 9, 2023 at 11:15 PM BuzzSaw Code <buzzsaw.code@gmail.com> wrote:

    I've setup some new RHEL8 KDCs that will use the otp feature - I have
    this working on RHEL7 without issues.

    But on the RHEL8 hosts I'm getting "preauth (otp) verify failure:
    Socket type not supported" errors.

    Each KDC has a local radius server listening on the IPv6 loopback, so
    the kdc.conf has this for the otp config:

    [otp]
    DEFAULT = {
    server = localhost6:1812
    secret = mysecret
    strip_realm = true
    }

    Is there a way to debug the KDC process further to see why it doesn't
    like that loopback without building a custom debug kdc ?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)