handling of kerberos error in win2k

Lara Adianto m1r4cle_26 at yahoo.com
Mon Jun 21 03:01:35 EDT 2004


I'm experimenting with MIT KDC and windows 2000 as the
client that authenticates to MIT KDC, and I might need
to replace the GINA in the windows client in order to
achieve what I want. 

Does anybody know, in windows 2000, who (LSA, GINA,
SSP) handles the following issue and how it is handled
1. If the authentication is failed because MIT KDC
KDC_ERR_KEY_EXPIRED, how does the SSP (I believe it's
SSP who captured this error from KDC) tell the GINA
about the failed login ? Will SSP tell GINA the exact
error message (KDC_ERR_PREAUTH_REQUIRED or
KDC_ERR_KEY_EXPIRED) or will SSP return another type
of error code or even a general error code (in this
case GINA is not aware of what caused the error) ?

2. who (GINA, LSA,...) logs the error to event viewer

This might not be the right forum to discuss it, but
I'm not sure to which mailing list I can address this

thank you,

La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -

Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.

More information about the Kerberos mailing list