[19774] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: obscured error code (was Re: krbdev Digest, Vol 186, Issue 4)

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jun 18 12:26:10 2018

To: Joshua Acosta <joshuacosta6@gmail.com>, krbdev@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <39b95f13-4992-75d3-7aff-e575450cebf9@mit.edu>
Date: Mon, 18 Jun 2018 12:25:58 -0400
MIME-Version: 1.0
In-Reply-To: <CAB2Uq9nUb6g56armMoTD6DuuQ976sR-PWbqnRfT6VVpkQpDDVQ@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On 06/18/2018 07:21 AM, Joshua Acosta wrote:
> The problem that we have is when we demand a ticket TGT of a user that is
> in "renewal state", the function leash_kinit doesn't inform about this
> situacion, that has a return code KRB5KDC_ERR_KEY_EXP, instead of this
> value the code returned is KRB5KDC_ERR_PREAUTH_FAILED.
> 
> We are "sniffing" the conversation between client and Host IBM and can see
> that the error of key expired is fired, but is hiding by the next error:
> preauth fail.

Can you share more details of the packet trace?  I do not know 
immediately know why the exchange would not end at the 
KRB5KDC_ERR_KEY_EXP response and yield that error code.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post