[31551] in Kerberos
Re: kinit-1.7: wrong passwords lock active directory accounts
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Oct 7 18:37:58 2009
From: Greg Hudson <ghudson@mit.edu>
To: "mark@mproehl.net" <mark@mproehl.net>
In-Reply-To: <4ACCA005.9050605@mproehl.net>
Date: Wed, 07 Oct 2009 12:45:44 -0400
Message-Id: <1254933944.9616.109.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Wed, 2009-10-07 at 10:04 -0400, Mark Pröhl wrote:> # kinit user> Password for user@MYDOMAIN.EXAMPLE: <wrong password>> kinit: Looping detected inside krb5_get_in_tkt while getting initial> credentials
That's definitely not supposed to happen. Against an MIT KDC, I seeonly one try, followed by:
kinit: Password incorrect while getting initial credentials
However, we do have at least one other report of looping with krb5 1.7'skinit:
http://mailman.mit.edu/pipermail/kerberos/2009-September/015265.html
so there is probably an interoperability issue against AD. I will seeif I can replicate the issue; if I can't, a detailed packet trace fromyou might be sufficient.
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
