Hi Friends, Recently I set up the whole kerberos system using MIT kerberos 1.6.1. When I run the kinit command i observe the results on ethereal. Following is my observation: $>kinit <username> I observe that as soon as I enter above command, ethereal captures 2 packets namely KRB5_AS_REQ and KRB5_AS_RES. After that I type pasword at my end to whuch is used to decrypt the session key(between TGS & Client), I get in response.
I assume that for the above case "pre-auth mehanism" in kerberos is not activated. Even when I look at the code & RFC, I observe that preauth mechanism is optional. I wish to activate this mechanism for my set-up so that the password generated key will be used to encrypt the time-stamp at the client side and this encrypted stamp will be carried by the KRB5_AS_REQ to authentication server. That means I should see above message flow on the ethereal only when the user types both its username and password for kinit command. Could any one tell me how do I activate this preauth mechanism in my kerberos if my above assumption is on the correct track. And also point out the files I need to change to activate this mechanism. Thanks in advance. Regards, Gopal Paliwal ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos