[30668] in Kerberos
Re: Unexpected return codes from KDC -- krb5-1.6.3
daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Jan 29 17:45:29 2009
To: Mike Friedman <mikef@berkeley.edu>
From: Tom Yu <tlyu@MIT.EDU>
Date: Thu, 29 Jan 2009 17:44:40 -0500
In-Reply-To: <alpine.BSF.1.10.0901291416340.7972@brillig.security.berkeley.edu>
(Mike Friedman's message of "Thu,
29 Jan 2009 14:23:50 -0800 (PST)")
Message-ID: <ldvmyd9spev.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: MIT Kerberos Mailing List <kerberos@MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
Mike Friedman <mikef@berkeley.edu> writes:
> But the fact that kinit seems to be acting the same way would appear to be
> the significant point.
Yes.
> Here's what getprinc shows:
>
> kadmin.local: getprinc mikef
> Principal: mikef@BERKELEY.EDU
> Expiration date: [never]
> Last password change: Tue Jan 27 14:41:56 PST 2009
> Password expiration date: Wed Jan 28 11:00:16 PST 2009
> Maximum ticket life: 0 days 10:00:00
> Maximum renewable life: 7 days 00:00:00
> Last modified: Thu Jan 29 11:00:16 PST 2009 (root/admin@BERKELEY.EDU)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 4
> Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 1, ArcFour with HMAC/md5, no salt
> Key: vno 1, DES cbc mode with CRC-32, no salt
> Attributes: REQUIRES_PRE_AUTH
> Policy: [none]
Do you get this sort of mismatched error code for a client principal
that does not have REQUIRES_PRE_AUTH set?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
