Kerberos, Windows2008 RODC and ticket forwarding Problem

Greg Hudson ghudson at MIT.EDU
Fri Apr 13 10:55:44 EDT 2012


On 04/13/2012 03:23 AM, Sebastian Galiano wrote:
> Ok, the AS-REQ is only to initiate the authentication, that is why the not forwarded one has that packet. Then
> I really dont know why  is giving the KRB5KRB_AP_ERR_BAD_INTEGRITY

It's possible that we need to set the name type in more places, but I
think it's more likely that the problem is related to the encoding of
the kvno of the ticket.  We have a fix (well, an interop workaround)
scheduled for 1.9.4; you can see the diff here:

https://github.com/krb5/krb5-anonsvn/commit/29a0a3b290ff1dfaf51ac9b7e10591998151ec22


More information about the Kerberos mailing list