[30669] in Kerberos
Re: Unexpected return codes from KDC -- krb5-1.6.3
daemon@ATHENA.MIT.EDU (Mike Friedman)
Thu Jan 29 17:51:49 2009
Date: Thu, 29 Jan 2009 14:50:53 -0800 (PST)
From: Mike Friedman <mikef@berkeley.edu>
To: Tom Yu <tlyu@MIT.EDU>
In-Reply-To: <ldvmyd9spev.fsf@cathode-dark-space.mit.edu>
Message-ID: <alpine.BSF.1.10.0901291447460.7972@brillig.security.berkeley.edu>
MIME-Version: 1.0
Cc: MIT Kerberos Mailing List <kerberos@MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 29 Jan 2009 at 17:44 (-0500), Tom Yu wrote:
> Do you get this sort of mismatched error code for a client principal
> that does not have REQUIRES_PRE_AUTH set?
Tom,
With 1.6.3 kinit, without REQUIRES_PREAUTH, I now get the expected
message:
Password expired. You must change it now.
However, with 1.4.2 kinit and with my API program built with earlier MIT
libraries, I still get 'Password incorrect while getting initial
credentials' from kinit and RC=31, 'decrypt integrity check' from my
program.
So, what's going on here?
Mike
_________________________________________________________________________
Mike Friedman Information Services & Technology
mikef@berkeley.edu 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://mikef.berkeley.edu http://ist.berkeley.edu
_________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkmCMs0ACgkQFgKSfLOvZ1TGQwCeI8el2hrH6baUtgWw31XcPM05
e0sAn3927DaRB1uXv3PeI4KN9DYTPZyS
=qXuF
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
