e-data field in KRB-ERROR from microsoft clients when ERR_SKEW is issued

[Luke Howard]

>But you haven't finished decoding.  02 01 02 is an INTEGER with value 2.
>This sequence looks like a PA-DATA with type pa-enc-timestamp and no value. 
>In other words, almost (but not quite) exactly like what the e-data for 
>KDC_ERR_PREAUTH_REQUIRED should look like.

Not sure if it is related by the MS KDC does encode NT status codes in
e-data. There was some discussion on samba-technical about how this is
done (I don't have a reference on hand, sorry).

-- Luke

--