Kerberos, Windows2008 RODC and ticket forwarding Problem

Sebastian Galiano Sebastian.Galiano at spilgames.com
Mon Apr 16 10:36:18 EDT 2012


I applied the patches to my clients, and it is still not working. Is there any way to test if the encoding has been placed correctly? Should I also apply the patch to the KDC?
________________________________________
From: Greg Hudson [ghudson at MIT.EDU]
Sent: 13 April 2012 16:55
To: Sebastian Galiano
Cc: kerberos at mit.edu
Subject: Re: Kerberos, Windows2008 RODC and ticket forwarding Problem

On 04/13/2012 03:23 AM, Sebastian Galiano wrote:
> Ok, the AS-REQ is only to initiate the authentication, that is why the not forwarded one has that packet. Then
> I really don't know why it is giving the KRB5KRB_AP_ERR_BAD_INTEGRITY

It's possible that we need to set the name type in more places, but I
think it's more likely that the problem is related to the encoding of
the kvno of the ticket.  We have a fix (well, an interop workaround)
scheduled for 1.9.4; you can see the diff here:

https://github.com/krb5/krb5-anonsvn/commit/29a0a3b290ff1dfaf51ac9b7e10591998151ec22


