MIT Kerberos problem with Windows clients
Morgan Patou
morgan.patou at dbi-services.com
Fri Jan 17 11:11:03 EST 2014
Hi Robert,
> Is this a windows specific issue or do you see this also on the linux clients?
I've just created a Linux VM on my computer to test this from a Linux outside of the VPN. Indeed, the same thing append but it take between 5 and 10 seconds.
> If you uns kerberos only for web-sso anyway, maybe a system like webauth (http://webauth.stanford.edu/) or cosign (see a comparison on http://webauth.stanford.ed/features.html) might be the thing you're really looking for.
Thank you, I will check it out.
> it looks like the client doesn't find out which ticket to fetch from kdc. Can you see any attempt from the client to get a ticket (maybe for the wrong service) form the kdc? Can you check if the client tries to ask funny question (TXT records) to its DNS server, maybe with wireshark/winpcap for Windows (which is a good idea to debug kerberos problems anyway).
There is absolutely nothing in the KDC log file. I will try to see analyze the network traffic with wireshark.
Regards,
Morgan
More information about the Kerberos
mailing list