You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by Marc Boorshtein <mb...@gmail.com> on 2010/02/17 14:37:48 UTC

[Kerberos Client] Pre-auth failing with Windows 2003r2

All,

I've been trying to setup a control to be able to develop the s4u
extensions in the kerberos client.  I've gotten the ticket to the
point that the windows KDC does not throw an "unknown" error,
primarily by changing the encryption type to RC4-HMAC.  Now the kdc is
telling me pre-authentication fails.  I've got kinit working, so I
know its not a password issue, time synchronization or configuration
issue.  One thing I don't understand is, how does the KDC know what
the encrypted timestamp should be?  I know its encrypted by the
client, but what is it comparing it to?  Is the plain text timestamp
stored in the request ticket with the pre-authentication data?

Thanks

Marc