Different error codes between AD KDC and MIT KDC
Mike Friedman
mikef at ack.Berkeley.EDU
Wed Jun 14 19:42:31 EDT 2006
I've been testing some Kerberos authentication code against both my MIT K5
KDC and a Windows Active Directory KDC. In both cases, I'm using
pre-authentication. However, when I enter an incorrect password, the MIT
KDC returns 31 (decrypt integrity check failure), whereas the AD KDC
returns 24 (preauth failure). I'm just wondering what might account for
the different responses.

In fact, this behavior doesn't cause me any problems, since I treat both
as meaning that an incorrect password was entered.

Is this just a difference in the way the two KDC implementations define
the meaning of the return codes? Or might there be a difference in the
way the principals are defined in the two KDCs?

Thanks.

Mike
_____________________________________________________________________
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
_____________________________________________________________________