kinit des and Win2k
melissa_benkyo
wyl_lyf at yahoo.com
Tue May 25 09:08:46 EDT 2004
Hello, thanks for the info.
> Windows 2000 AD yes, but Windows 2003 AD maybe. krb5-1.2 does not support
> TCP but krb5-1.3.x does. If your user is in many groups, the ticket will
> be big and require TCP.
I think the user just belongs to one group so there should be a
problem. :(
> But what is in the krb5.conf? Have you set default_tkt_enctypes and
> default_tgs_enctypes?
yup, my default_xxx_enctypes are as follows:
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
> You mean the kinit fails with some pre authentication message?
> What is the message?
the message I'm getting is from windows AD because it requires
authentication. But I think by setting the Use DES it should be able
to pre-authenticate. I'm insisting on doing pre-authentication since
this is actually an added security measure. :D
My error message is as follows:
Pre-authentication failed:
UserName: mango
UserID: TESTING\mango
ServiceName: krbtgt/TESTING.COM
Pre-Authentication Type: 0x0
Failure Code : 0x19
Client Address : <ip>
> If possible upgrade to krb5-1.3.x for better interoperability with Windows.
oki. just wanted to make sure if this version I have is lacking
interoperability features or it's just my setup that's not right.
thanks for the help! much appreciated!
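
As an added example (not part of the original post or of any Kerberos distribution), the event text quoted above can be parsed and its hex codes resolved against the error and pre-authentication tables in RFC 4120. The function names and the client address are assumptions made for illustration.

```python
import re

# Error codes and their texts from RFC 4120, section 7.5.9 (subset).
KRB_ERRORS = {
    0x06: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "Client not found in Kerberos database"),
    0x0E: ("KDC_ERR_ETYPE_NOSUPP", "KDC has no support for encryption type"),
    0x18: ("KDC_ERR_PREAUTH_FAILED", "Pre-authentication information was invalid"),
    0x19: ("KDC_ERR_PREAUTH_REQUIRED", "Additional pre-authentication required"),
    0x25: ("KRB_AP_ERR_SKEW", "Clock skew too great"),
}
# Pre-authentication data types from RFC 4120, section 7.5.2 (subset).
PA_TYPES = {0x01: "PA-TGS-REQ", 0x02: "PA-ENC-TIMESTAMP", 0x03: "PA-PW-SALT"}

# Constructed sample: the post's event text, with a documentation IP for <ip>.
SAMPLE_EVENT = """\
Pre-authentication failed:
UserName: mango
UserID: TESTING\\mango
ServiceName: krbtgt/TESTING.COM
Pre-Authentication Type: 0x0
Failure Code : 0x19
Client Address : 192.0.2.10
"""

def parse_event(text):
    """Split 'Key : value' lines into a dict; spacing around ':' varies per field."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?)\s*:\s*(\S.*)$", line)
        if m:  # the title line has nothing after its colon and is skipped
            fields[m.group(1)] = m.group(2).strip()
    return fields

def decode_event(text):
    """Return key event fields with the hex codes resolved to RFC 4120 names."""
    f = parse_event(text)
    code = int(f["Failure Code"], 16)
    pa = int(f["Pre-Authentication Type"], 16)
    name, meaning = KRB_ERRORS.get(code, ("UNKNOWN", "not in this subset"))
    return {
        "principal": f["UserName"],
        "error": name,
        "meaning": meaning,
        "krb_error_code": code,
        "pa_type": PA_TYPES.get(pa, "unassigned (%d)" % pa),
    }

if __name__ == "__main__":
    print(decode_event(SAMPLE_EVENT))
```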