On Thursday, January 19, 2006 03:31:53 PM -0600 John Hascall <[EMAIL PROTECTED]> wrote:
> If you present a correct but expired password to Kerberos > you will get a 'password expired' error, which is different > from the 'password incorrect' error you get if the password > is not correct (expired or not). Careful here. Kerberos error messages are not authenticated, so you'll also get this error if an attacker decides to trick you into letting him set someone's password by sending you a false error message. -- Jeff ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos