Getting MIT Client(Win) to talk to Unix KDC

Tony Hoyle tmh at
Sat Sep 28 07:39:56 EDT 2002

I've got a problem trying to auth with an MIT KDC on Linux from a windows
MIT Kerberos client (1.2.2, although I could probably upgrade to 1.2.4 if
required).  The error I'm getting appears to imply clock
skew, but the machines are synchronised with each other using NTP, and are
on the same timezone.  Sniffing the packets with ethereal reveals the same
time on packets in both directions.

Sep 28 12:27:15 sisko krb5kdc[21145]: preauth (timestamp) verify failure:
No matching key in entry Sep 28 12:27:15 sisko krb5kdc[21145]: AS_REQ (3
etypes {16 1 3}) PREAUTH_FAILED: tmh at NODOMAIN.ORG for
krbtgt/NODOMAIN.ORG at NODOMAIN.ORG, Preauthentication failed

Is there a way of increasing the verbosity of the logging, for example to
print out both timestamps, or a more meaningful error?


More information about the Kerberos mailing list