Pam kerberos vs. Kinit

Wyllys Ingersoll wyllys.ingersoll at sun.com
Fri Mar 18 08:10:39 EST 2005


Douglas E. Engert wrote:
> >
> > I've just run another test and discovered that I can successfully
> > log into the host initially (via PAM kerberos library and SSH), and
> > I don't get error 52. I've got a ticket in my cache and
> > everything. Kerb error 52 only occurs if I'm using kinit from the
> > shell.
>
>
>  You could be right on the cut over point, and maybe addressless vs
>  with address tickets keep the ticket just small enough.

When the client does not do pre-authentication, does AD still
send PAC data?  I thought it did not, but I'm not certain.

-Wyllys


More information about the Kerberos mailing list