java, kerberos, telnet authentication
Brett K.
junkaddr at hotmail.com
Tue Aug 20 19:36:32 EDT 2002
Hello,
> Second, I am receiving an error 'clockskew too big' (RD_AP_TIME) from
> the reply from the TGS. When I look at the timestamp on the initial
> credentials obtained from the AS, they are within seconds of my own
> clock. Any ideas why I might be receiving this error, how I can debug
> it further (anyone running a test server that I can try to communicate
> with?), or any other advice?
After reading the source code and tracing the function calls, I
determined that jkrb/jkrb4/krb4/lib/Krb4Authenticator::encode() calls
Krb4Encode::toBytes(int, false) on the timestamp, but
Krb4Encode::toBytes() should be called instead (endianness issue).
I'm now one step closer as the KDC server is properly accepting my TGT
and replying, but unfortunately the telnet server is replying with a
REJECT of the request that I'm sending ("Can't decode authenticator
(krb_rd_req)"). I'm not sure that this error is a result of javak
since I also receive this error using KTelnet
(http://www.stacken.kth.se/~thn/ktelnet/). Any probable causes for
receiving this error?
-Brett
More information about the Kerberos
mailing list