krb5 error code 68
Ken Raeburn
raeburn at MIT.EDU
Sun Nov 23 18:10:02 EST 2003
noolyg at yahoo.com (Noolyg) writes:
> hi,
>
> I'm using MIT's kerberos and trying to check if a user is in the
> kerberos DB.
> The way i'm doing this is:
> retval = krb5_get_init_creds_keytab(con, &creds, user_princ, 0, 0, 0,
> 0);
> if(retval == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN) {
> // NOT_USER;
> }
> Is there a better way?
>
> Sometimes i get the "KRB5 error code 68" for no known reason, and if i
> try again after a while, i don't get it anymore.
> Why does that happen, what does this error code mean?
According to draft-ietf-krb-wg-kerberos-referrals-02 (expired), it's
an error returned when the client principal name specified is not the
correct canonical name/realm for the principal. It's probably only
returned by a Microsoft AD server, currently.
That doesn't explain why waiting makes it work, though....
Ken
More information about the Kerberos
mailing list