Unexpected return codes from KDC -- krb5-1.6.3

Mike Friedman mikef at berkeley.edu
Thu Jan 29 17:50:53 EST 2009



On Thu, 29 Jan 2009 at 17:44 (-0500), Tom Yu wrote:

> Do you get this sort of mismatched error code for a client principal 
> that does not have REQUIRES_PRE_AUTH set?

Tom,

With 1.6.3 kinit, without REQUIRES_PREAUTH, I now get the expected 
message:

    Password expired.  You must change it now.

However, with 1.4.2 kinit and with my API program built with earlier MIT 
libraries, I still get 'Password incorrect while getting initial 
credentials' from kinit and RC=31, 'decrypt integrity check' from my 
program.

So, what's going on here?

Mike

_________________________________________________________________________
Mike Friedman                        Information Services & Technology
mikef at berkeley.edu                   2484 Shattuck Avenue
1-510-642-1410                       University of California at Berkeley
http://mikef.berkeley.edu            http://ist.berkeley.edu
_________________________________________________________________________


