Shall I capture Kerberos-password failure error message ALONE?

Jeffrey Altman jaltman2 at nyc.rr.com
Thu Feb 2 12:31:39 EST 2006


Surendra Babu A wrote:
> Hi Kerbros Team,
> 
> If I enter the wrong passowrd at KDc client, the KDC server gives the response of PREAUTH_FAULRE error. Right? 
> 
> 1. Is there anyway, i can get password failure error message? Is it true that 
> "Password verification will be done before sending preauth failure message?" 

If you are using pre-authentication then the error you receive will be a
pre-auth error.

If you are not using pre-authentication then the KDC will send a TGT
encrypted in the long term key to anyone that asks.  In that case the
decryption failure due to the incorrect password is identified by the
client and a password error is produced.  The KDC does not send
incorrect password errors.


Jeffrey Altman



More information about the Kerberos mailing list