Unexpected return codes from KDC -- krb5-1.6.3
Mike Friedman
mikef at berkeley.edu
Thu Jan 29 17:50:53 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 29 Jan 2009 at 17:44 (-0500), Tom Yu wrote:
> Do you get this sort of mismatched error code for a client principal
> that does not have REQUIRES_PRE_AUTH set?
Tom,
With 1.6.3 kinit, without REQUIRES_PREAUTH, I now get the expected
message:
Password expired. You must change it now.
However, with 1.4.2 kinit and with my API program built with earlier MIT
libraries, I still get 'Password incorrect while getting initial
credentials' from kinit and RC=31, 'decrypt integrity check' from my
program.
So, what's going on here?
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef at berkeley.edu 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://mikef.berkeley.edu http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkmCMs0ACgkQFgKSfLOvZ1TGQwCeI8el2hrH6baUtgWw31XcPM05
e0sAn3927DaRB1uXv3PeI4KN9DYTPZyS
=qXuF
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list