[krbdev.mit.edu #7033] krb5 1.10 KRB5_PADATA_ENC_TIMESTAMP isn't working
Arlene Berry via RT
rt-comment at krbdev.mit.edu
Wed Nov 30 16:46:43 EST 2011
There shouldn't be a preauth required error. We ask for KRB5_PADATA_ENC_TIMESTAMP to avoid the no preauth/preauth required exchange so our first AS_REQ should have preauth data in it. We always set default_tgs_enctypes, default_tkt_enctypes, and preferred enctypes in our krb5.conf so it should have chosen the first one from the appropriate setting. I think without setting anything, it used to choose one from the library defaults but it's been a long time since I looked at that. This worked as of about early August with your trunk. The KDC is Active Directory.
More information about the krb5-bugs
mailing list