Win logon to a MIT Kerberos V KDC?

Tony Hoyle tmh at
Mon Sep 30 17:26:17 EDT 2002

On Sat, 28 Sep 2002 12:45:53 +0100, Tony Hoyle wrote:

> I've tried that... no help.  I'm beginning to suspect the KDC is stuffed
> anyway...  The Win MIT Kerberos client can't authenticate to it either,
> so there's something badly wrong somewhere (apart from it being Windows
> :-)

OK I found my Win copy of MIT was borked.  I managed to find a precompiled
windows version which works better than mine.  It now connects using that
so I know that the timezones etc. are OK.

Win2k still doesn't connect directly at all:

With REQUIRES_PREAUTH on both user and host:

Sep 30 22:16:27 sisko krb5kdc[200]: AS_REQ (7 etypes {23 -133 -128 3 1 24
krbtgt/NODOMAIN.ORG at NODOMAIN.ORG, Additional pre-authentication required

With REQUIRES_PREAUTH on just host:

Sep 30 22:17:53 sisko krb5kdc[200]: TGS_REQ (7 etypes {23 -133 -128 3 1 24
-135}) NO PREAUTH: authtime 1033420673, 
tmh at NODOMAIN.ORG for host/ at NODOMAIN.ORG, Generic error
(see e-text)
(Along with dialog 'Insufficient system resources exist to
complete the requested service')

With no preauthentication login succeeds.

Perhaps it's the client/server versions?

The Win2k client is Win2k SP3 w/256MB.  The KDC is MIT Kerberos 1.2.5.


More information about the Kerberos mailing list