HELP!! invalid AS-REP from Linux running MIT Kerberos V5
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Jul 13 18:46:43 EDT 2006
On Tuesday, July 11, 2006 07:20:18 PM -0400 Marcus Watts <mdw at umich.edu>
wrote:
> Looks like it's working as coded. All of this logic appears to have
> been in MIT since at least kerberos "1.0" in, um, 1995 --presumably
> the older clients mentioned in the comment ought not be there anymore
> so KRB5_ENCKRB5KDCREPPART_COMPAT could be not defined.
Last I checked, we actually had such broken clients _deployed_, in the form
of Cisco terminal servers. We run a Heimdal KDC, which has a configuration
option to control this behavior. We have to have it set to the
non-compliant mode, because of the broken clients.
-- Jeff
More information about the Kerberos
mailing list