directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Boorshtein <>
Subject [Kerberos Client] Pre-auth failing with Windows 2003r2
Date Wed, 17 Feb 2010 13:37:48 GMT

I've been trying to setup a control to be able to develop the s4u
extensions in the kerberos client.  I've gotten the ticket to the
point that the windows KDC does not throw an "unknown" error,
primarily by changing the encryption type to RC4-HMAC.  Now the kdc is
telling me pre-authentication fails.  I've got kinit working, so I
know its not a password issue, time synchronization or configuration
issue.  One thing I don't understand is, how does the KDC know what
the encrypted timestamp should be?  I know its encrypted by the
client, but what is it comparing it to?  Is the plain text timestamp
stored in the request ticket with the pre-authentication data?



View raw message