e-data field in KRB-ERROR from microsoft clients when ERR_SKEW is issued

JC Ferguson jc at acopia.com
Sun Sep 17 23:31:11 EDT 2006


Hi - When a Windows XP client whose clock is skewed beyond the configured toleration connects to a Microsoft Windows 2000 server, the return is a KRB-ERROR message with all the fixings.  However, I cannot interpret the e-data field.  I am consistently getting a byte sequence of:

ac 09 04 07 30 05 a1 03 02 01 02

which I interpret as

 [12] {
   OCTET STRING
       30 05 a1 03 02 01 02
 }

and this appears to contain another sequence of bytes:
   
  SEQUENCE {
     [1] {
        02 01 02
     }
  }

Any ideas what the format is supposed to be for e-data when the client's clock is skewed?  Google has plenty of references for what e-data needs to be for other errors, but I'm coming up empty for ERR_SKEW.  It can't be a hint about the time because the server's time is in the KRB-ERROR.

Also, curiously enough, even though the time is skewed, the client is able to eventually connect - this is puzzling as I checked the system time after successful connect and it was still skewed.  Any ideas on that one also please?  This behavior is not the case when the OS is Win2003 server (it does not permit the connection in timeskew situations).


tnx
/jc
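
Added example (not part of the original message): a small DER tag-length-value walker in Python, run over the e-data bytes quoted above, to check the structural reading mechanically. It only decodes structure and assigns no meaning to the fields; the function names are illustrative.

```python
# Added example: minimal DER TLV walker for the e-data bytes quoted in the post.
EDATA = bytes.fromhex("ac 09 04 07 30 05 a1 03 02 01 02")  # bytes from the post
CLASSES = ("universal", "application", "context", "private")

def read_tlv(buf, pos=0):
    """Return (tag_class, constructed, tag_number, value, next_pos) for one TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    ident, first = buf[pos], buf[pos + 1]
    if ident & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled")
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return CLASSES[ident >> 6], bool(ident & 0x20), ident & 0x1F, buf[pos:pos + length], pos + length

def walk(buf, depth=0, out=None):
    """Flatten a DER blob into (depth, class, tag_number, value-or-None) rows."""
    out = [] if out is None else out
    pos = 0
    while pos < len(buf):
        cls, constructed, num, value, pos = read_tlv(buf, pos)
        out.append((depth, cls, num, None if constructed else value))
        if constructed:
            walk(value, depth + 1, out)
    return out

def decode_edata(edata):
    """Decode the outer wrapper, then re-parse the OCTET STRING contents as DER."""
    outer = walk(edata)
    if len(outer) < 2 or outer[1][1:3] != ("universal", 4) or outer[1][3] is None:
        raise ValueError("expected a primitive OCTET STRING inside the context tag")
    return outer, walk(outer[1][3])

if __name__ == "__main__":
    for rows in decode_edata(EDATA):
        for depth, cls, num, value in rows:
            print("  " * depth + f"{cls} {num}", value.hex(" ") if value is not None else "{")
```

The output matches the reading in the message: context tag [12] wrapping an OCTET STRING, whose contents parse as a SEQUENCE holding a context tag [1] around a one-byte INTEGER with value 2.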




