[32686] in Kerberos


MIT kdc with Windows 7 pc

daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Tue Sep 21 14:58:37 2010

Date: Wed, 22 Sep 2010 04:56:23 +1000
Message-ID: <AANLkTinj+hR83-Nah6Kse4hQU-TDcbCeh1nF=5wV3+Rx@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: kerberos@mit.edu

Hi there.

I have tried to configure a Windows 7 machine to use our Kerberos
realm. The KDC is MIT krb5 1.7.1.

When I try to log in using my Kerberos principal, I get an error that
there are no logon servers available.

In the Windows 7 logs, I see the error:
"The digitally signed Privilege Attribute Certificate (PAC) that
contains the authorization information for client jeanyves_avenard in
realm M.DOMAIN.COM could not be validated.

 This error is usually caused by domain trust failures; please contact
your system administrator."

In the KDC logs, I can see that something is authenticating. Passwords
seem okay, as if I type an incorrect password for my username, I get an
error about the password being incorrect.

Once I enter the right password, I get the error above.

I read http://www.faqs.org/faqs/kerberos-faq/general/ and about the
PAC Microsoft put in. But it's a 10-year-old article, not sure how
relevant it is today.

Am I to understand that it is not currently possible to authenticate
on a Windows machine using an MIT Kerberos KDC? It would be a good
Windows domain replacement.


Kerberos from Windows seems to work fine, and I could use the
credential with Firefox.


Any comments on the matter?

Thank you
JY
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
