kerberos password change in master-slave environment
Sam Hartman
hartmans at MIT.EDU
Wed Mar 24 21:22:47 EST 2004
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>> Unfortunately, PREAUTH_FAILED corresponds to the password being deemed
>> incorrect, since we have requires_preauth on all user principals.
Ken> Ever hear of the phrase, "a little knowledge is dangerous"? :-)
Ken> KRB5_PREAUTH_FAILED is an internal client-side library error.
Ken> KRB5KDC_ERR_PREAUTH_FAILED is returned by the KDC when preauth has failed.
Hmm, I would have gotten this one wrong too.
As a side note, 1.3 KDCs should return decrypt integrity check not
KRB5KDC_ERR_PREAUTH_FAILED for incorrect password with preauth.
More information about the Kerberos
mailing list