Win logon to a MIT Kerberos V KDC?
Tony Hoyle
tmh at nodomain.org
Mon Sep 30 17:26:17 EDT 2002
On Sat, 28 Sep 2002 12:45:53 +0100, Tony Hoyle wrote:
> I've tried that... no help. I'm beginning to suspect the KDC is stuffed
> anyway... The Win MIT Kerberos client can't authenticate to it either,
> so there's something badly wrong somewhere (apart from it being Windows
> :-)
OK I found my Win copy of MIT was borked. I managed to find a precompiled
windows version which works better than mine. It now connects using that
so I know that the timezones etc. are OK.
Win2k still doesn't connect directly at all:
With REQUIRES_PREAUTH on both user and host:
Sep 30 22:16:27 sisko krb5kdc[200]: AS_REQ (7 etypes {23 -133 -128 3 1 24
-135}) 192.168.2.251(88): NEEDED_PREAUTH: tmh at NODOMAIN.ORG for
krbtgt/NODOMAIN.ORG at NODOMAIN.ORG, Additional pre-authentication required
With REQUIRES_PREAUTH on just host:
Sep 30 22:17:53 sisko krb5kdc[200]: TGS_REQ (7 etypes {23 -133 -128 3 1 24
-135}) 192.168.2.251(88): NO PREAUTH: authtime 1033420673,
tmh at NODOMAIN.ORG for host/data.nodomain.org at NODOMAIN.ORG, Generic error
(see e-text)
(Along with dialog 'Insufficient system resources exist to
complete the requested service')
With no preauthentication login succeeds.
Perhaps it's the client/server versions?
The Win2k client is Win2k SP3 w/256MB. The KDC is MIT Kerberos 1.2.5.
Tony
More information about the Kerberos
mailing list