questions about pre-auth

Sam Hartman hartmans at MIT.EDU
Thu Jun 10 15:00:06 EDT 2004

>>>>> "Pierre" == Pierre Goyette <pierre at> writes:

    Pierre> Jeff, I was taking some network traces an noticed that the
    Pierre> client (even 2.6.3) always first makes a basic AS-REQ and
    Pierre> then if it fails with a PREAUTH_REQUIRED, then makes a new
    Pierre> attempt with the preauthentication data.

    Pierre> Is there an option in the Windows client so that the
    Pierre> client always includes the preauthenication data in the
    Pierre> first AS-REQ ?

There is an API for this but it is not exposed through the UI.  As
Kerberos evolves this will become less and less useful because the
proper preauth to use will be less obvious and because the client is
more likely to need information from the server in order to construct
the first request.

More information about the Kerberos mailing list