Unexpected return codes from KDC -- krb5-1.6.3
Tom Yu
tlyu at MIT.EDU
Thu Jan 29 17:44:40 EST 2009
Mike Friedman <mikef at berkeley.edu> writes:
> But the fact that kinit seems to be acting the same way would appear to be
> the significant point.
Yes.
> Here's what getprinc shows:
>
> kadmin.local: getprinc mikef
> Principal: mikef at BERKELEY.EDU
> Expiration date: [never]
> Last password change: Tue Jan 27 14:41:56 PST 2009
> Password expiration date: Wed Jan 28 11:00:16 PST 2009
> Maximum ticket life: 0 days 10:00:00
> Maximum renewable life: 7 days 00:00:00
> Last modified: Thu Jan 29 11:00:16 PST 2009 (root/admin at BERKELEY.EDU)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 4
> Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 1, ArcFour with HMAC/md5, no salt
> Key: vno 1, DES cbc mode with CRC-32, no salt
> Attributes: REQUIRES_PRE_AUTH
> Policy: [none]
Do you get this sort of mismatched error code for a client principal
that does not have REQUIRES_PRE_AUTH set?
More information about the Kerberos
mailing list