Kerberos, Windows2008 RODC and ticket forwarding Problem
Greg Hudson
ghudson at MIT.EDU
Fri Apr 13 10:55:44 EDT 2012
On 04/13/2012 03:23 AM, Sebastian Galiano wrote:
> Ok, the AS-REQ is only to initiate the authentication, that is why the not forwarded one has that packet. Then
> I really dont know why is giving the KRB5KRB_AP_ERR_BAD_INTEGRITY
It's possible that we need to set the name type in more places, but I
think it's more likely that the problem is related to the encoding of
the kvno of the ticket. We have a fix (well, an interop workaround)
scheduled for 1.9.4; you can see the diff here:
https://github.com/krb5/krb5-anonsvn/commit/29a0a3b290ff1dfaf51ac9b7e10591998151ec22
More information about the Kerberos
mailing list