clock skew and preauth

Tom Yu tlyu at MIT.EDU
Tue Mar 20 19:19:06 EDT 2012


Chris Hecker <checker at d6.com> writes:

> Also, the encrypted_challenge_main.c file does check this:
>
> if (labs(now-ts->patimestamp) < context->clockskew) {
>
> and gives the KRB5KRB_AP_ERR_SKEW error, which is the same check the
> timestamp preauth does, so I don't see how it could work.  But, I'm
> having trouble getting gdb to break there, so I'm not sure it's getting
> called.

I think the error message you're seeing is from the encrypted
timestamp preauth, not the FAST encrypted challenge preauth.  Are you
doing anything that would trigger FAST?


More information about the Kerberos mailing list