Kerberos V on Win XP

Turbo Fredriksson turbo at bayour.com
Wed Sep 25 08:12:07 EDT 2002


Quoting Turbo Fredriksson <turbo at bayour.com>:

> I've been trying to get Kerberos V to work (as a client)
> on my Win98 at home without success - timestamp problems.
> 
> Now I've tried on a WinXP at work. Same thing. The time
> is correct!
> 
> I'm not sure of the timezone though...
> 
> On the Kerberos server (a Debian GNU/Linux) it's :
> 
>         Fri Sep 20 18:24:49 CEST 2002
> 
> On the windows machine, it say
> 
>         (GMT+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien
> 
> which is correct.
> 
> Any problem between 'CEST' and 'GMT+01:00'?

More investigations. This time on a Windows 2k Pro (newly installed
only for this!).

Got the log window on Leash32. Shows:

----- s n i p -----
[first time]
lrealm is MYREALM
krb_udp_port is 88
Getting host entry for FQDNOFKDC..
Got it.
Sending message to IPTOKDC..
SentWaiting for reply..
received packet from IPTOKDC
Received it
Clen is 104
Trying next_string_to_key[1]
Remembering 1
local 1032955279, server 1032955286
local time: Wed Sep 25 14:01:19 2002
server time: Wed Sep 25 14:01:19 2002

[second time]
lrealm is MYREALM
krb_udp_port_conf is 88
krb_udp_port is 88
Getting host entry for FQDNOFKDC..
Got it.
Sending message to IPTOKDC..
SentWaiting for reply..
received packet from IPTOKDC
Received it
Clen is 104
Trying next_string_to_key[1]
Remembering 1
local 1032955448, server 1032955448
local time: Wed Sep 25 14:04:08 2002
server time: Wed Sep 25 14:04:08 2002
----- s n i p -----

First time the time was 7 seconds appart. Rerun 'ntpdate' on
the KDC. The second time I tried Leash32, the time matched
PERFECTLY!

Still, I get only Krb4 tickets, no Krb5! The KDC
says: 'preauth (timestamp) verify failure: No matching key in entry'.


Any idea anyone?


I've tried to get a ticket with 'kinit -5A' as well, didn't
work either...
-- 
CIA colonel Honduras Delta Force supercomputer Kennedy spy Semtex
explosion class struggle Panama Ortega Soviet $400 million in gold
bullion quiche
[See http://www.aclu.org/echelonwatch/index.html for more about this]



More information about the Kerberos mailing list