UNKNOWN_SERVER Error on KRB5?
Tom Yu
tlyu at MIT.EDU
Wed May 12 17:24:27 EDT 2004
>>>>> "JBryant" == Joe Bryant <JBryant at RiteAid.com> writes:
JBryant> Yes, it does. But I have given both the same password,
JBryant> changed them both MANY times to be sure I did it right, and
JBryant> more importantly, CAN get a tgt from leash32.
An explanation of some of the preauth errors is that the krb5-1.2.x
series had a bug where a decryption failure in the enc-timestamp
verification code in the KDC would result in a "No matching key in
entry" error. Regarding the decryption failure itself, I wonder if
there's some incorrect string-to-key transformation happening. If the
principal name somehow getting downcased when constructing the salt
string (which can include parts of the principal name), that might
lead to the sort of decryption failure you're seeing.
---Tom
More information about the Kerberos
mailing list