Shall I capture Kerberos-password failure error message ALONE?
Jeffrey Altman
jaltman2 at nyc.rr.com
Thu Feb 2 12:31:39 EST 2006
Surendra Babu A wrote:
> Hi Kerbros Team,
>
> If I enter the wrong passowrd at KDc client, the KDC server gives the response of PREAUTH_FAULRE error. Right?
>
> 1. Is there anyway, i can get password failure error message? Is it true that
> "Password verification will be done before sending preauth failure message?"
If you are using pre-authentication then the error you receive will be a
pre-auth error.
If you are not using pre-authentication then the KDC will send a TGT
encrypted in the long term key to anyone that asks. In that case the
decryption failure due to the incorrect password is identified by the
client and a password error is produced. The KDC does not send
incorrect password errors.
Jeffrey Altman
More information about the Kerberos
mailing list