Windows XP and Kerberos auth

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Jun 17 15:42:04 EDT 2004


Perhaps the machine password was sent incorrectly.
How did you choose a password for host/damasco.ime.unicamp.br?


Rodolfo Broco Manin wrote:
> Hi, all!
> 
> I'm configuring a Windows XP Professional workstarion to log on using MIT
> Kerberos authentication.  So, I used the Windows 2000 "ksetup.exe" tool to
> configure the client's registry and created a local account with the same
> name of my test principal.
> 
> The "host/xxx" and the user's principals exists at KDC - booth with
> "des-cbc-crc:normal" encryption type (i also tryed the default one early).
> 
> Problem is: I still having the "Username or password incorrect bla bla
> bla..." error at login.
> 
> Apparently, the Windows box is getting a ticket.  When I type the correct
> password, my KDC logs:
> 
> ----------------------------
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=3 tkt=23 ses=23}, guest at IME.UNICAMP.BR for
> krbtgt/IME.UNICAMP.BR at IME.UNICAMP.BR
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=3 tkt=23 ses=23}, guest at IME.UNICAMP.BR for
> krbtgt/IME.UNICAMP.BR at IME.UNICAMP.BR
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=23 tkt=1 ses=1}, guest at IME.UNICAMP.BR for
> host/damasco.ime.unicamp.br at IME.UNICAMP.BR
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=23 tkt=1 ses=1}, guest at IME.UNICAMP.BR for
> host/damasco.ime.unicamp.br at IME.UNICAMP.BR
> ----------------------------
> 
> (if the password is incorrect, the "TGS_REQ" messages don't shows up)
> 
> The output of "ksetup" at this windows box looks like:
> 
> ----------------------------
> default realm = IME.UNICAMP.BR (external)
> IME.UNICAMP.BR:
>         kdc = lvs.ime.unicamp.br
> Mapping all users (*) to a local account by the same name (*).
> ----------------------------
> 
> Using a specific mapping ("guest at IME.UNICAMP.BR" => "guest") results the
> same error.
> 
> My Linux and Solaris clients logs on this user with no problems at all,
> and I can get a ticket issuing "kinit" (from KfW) for this user.
> 
> There are some posts about a windows registry's "debug level setting" key
> for kerberos ([...]/Lsa/Kerberos/Parameters/LogLevel = 1), but I think it
> doesn't work on Windows XP (not at mine).
> 
> Some idea??
> 
> Tnks in advice!!
> 
> []s!
> Rodolfo
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu


More information about the Kerberos mailing list