obscured error code (was Re: krbdev Digest, Vol 186, Issue 4)
ghudson at mit.edu
Mon Jun 18 12:25:58 EDT 2018
On 06/18/2018 07:21 AM, Joshua Acosta wrote:
> The problem that we have is when we demand a ticket TGT of a user that is
> in "renewal state", the function leash_kinit doesn't inform about this
> situacion, that has a return code KRB5KDC_ERR_KEY_EXP, instead of this
> value the code returned is KRB5KDC_ERR_PREAUTH_FAILED.
> We are "sniffing" the conversation between client and Host IBM and can see
> that the error of key expired is fired, but is hiding by the next error:
> preauth fail.
Can you share more details of the packet trace? I do not know
immediately know why the exchange would not end at the
KRB5KDC_ERR_KEY_EXP response and yield that error code.
More information about the krbdev