question(s) about krb5api usage on windows

Nikola Radovanovic nikola.radovanovic at
Sat Sep 23 03:22:18 EDT 2006

fist,hi all, this is my first post here, so if i am doing anything 
wrong, do not hesitate to point that out :-)

well, i will try to explain my problem(s) as short  is possible...

recently i have got a task  to  explore kerberos an write some example  
code regarding kerberos. so after a few weeks of exploration kerberos 
and security in general, i manage to install MIT kerberos on Linux, make 
slave KDC, db replication, using kerberised telnet,etc.also i somehow 
manage to authenticate winxp machine (from workgroup) to MIT linux KDC. 
also i  put into the work MIT simple client/server to work lin->lin and 
win->linux auth (also i manage to do this with codes from security 
principles, recipe 8.13). if you are wondering what is wrong than after 
all that success :-[ , here they are...

beside i have problems on linux (gss-server/gss-client when gss-client 
is on other pc than one with KDC throws error: server principal unknown, 
but server principal is added to krb base, and these examples works 
perfect when both run on kdc machine).so, this is my first question:what 
is possibly wrong?
second. i am trying to use krb5 api (not gssapi, at least, not for now) 
in win->win case.KDC is 2003 AS, client is on winxp. *MAIN QUESTION*: is 
that possible? if it is, are there some example codes for that? i added 
principals(users and service accounts, with all 5 prerequisite params 
regarding password and DES), but i found next problems:why my NetIDMgr 
shows differnet tickets than kerbtray form MS (there is double tcket for 
krbtgt)? what types of encription 2003 supports(KDC_ERR_ETYPE_NOTSUPP)? 
i have the same problem on 2003 kdc like on linux 
(KDC_ERR_S_PRINCIPAL_UNKNOWN).finally, i have no idea what the hell is 
KDC_ERR_BADOPTION.can somebody post krb5.ini for 2003 AS?

10x in advance


Nikola Radovanovic
DMS Group
Puskinova 26
21000 Novi Sad
Serbia & Montenegro

Phone:  +381 21 
nikola.radovanovic at

More information about the krbdev mailing list