obscured error code (was Re: krbdev Digest, Vol 186, Issue 4)

Greg Hudson ghudson at mit.edu
Mon Jun 18 12:25:58 EDT 2018

On 06/18/2018 07:21 AM, Joshua Acosta wrote:
> The problem that we have is when we demand a ticket TGT of a user that is
> in "renewal state", the function leash_kinit doesn't inform about this
> situacion, that has a return code KRB5KDC_ERR_KEY_EXP, instead of this
> value the code returned is KRB5KDC_ERR_PREAUTH_FAILED.
> We are "sniffing" the conversation between client and Host IBM and can see
> that the error of key expired is fired, but is hiding by the next error:
> preauth fail.

Can you share more details of the packet trace?  I do not know 
immediately know why the exchange would not end at the 
KRB5KDC_ERR_KEY_EXP response and yield that error code.

More information about the krbdev mailing list