No subject

[viswanadha, kamakshi]

Hi !

I don't know, posting my question here appropriate or no.

I have a issue with Microsoft client using kerberos authentication.

 When I am testing ipsec with windows client.

During Phase1 negotiation of ipsec kerberos authentication is used.(We are
following the RFC A GSS-API Authentication Method for IKE)

1st every thing works fine .SAs get established.

Later when our server's password gets changed, ipsec negotiation fails.
Because windows client is still using the old ticket for our server.

Accept_sec_context at our server fails with error  "KRB5KRB_AP_ERR_MODIFIED"

Any help is appreciated.

Thanks & Regards.
kamakshi.