Michael B Allen iop...@gmail.com wrote:
In general, both the MIT and Heimdal clients are not optimized for a
Windows environment. We have an AD integration product that uses
Heimdal that we made a lot of changes to try to better emulate Windows
behavior.
Please just stop trying to sell folks
On Thu, Jan 29, 2009 at 10:00 AM, Christopher D. Clausen
cclau...@acm.org wrote:
Michael B Allen iop...@gmail.com wrote:
In general, both the MIT and Heimdal clients are not optimized for a
Windows environment. We have an AD integration product that uses
Heimdal that we made a lot of changes
VVN == Viji V Nair vijivijayaku...@gmail.com writes:
VVN Hi, I am trying to authenticate windows xp clients to an MIT
VVN kerberos server. The Server is on a Linux machine and I have
VVN both windows and Linux clients on my network. I have followed the
VVN below steps, but no
Mike Friedman mi...@berkeley.edu writes:
This is a 'sequel' to my earlier postings about getting bad return codes
from the KDC. However, I've moved from a binary Linux distribution to a
FreeBSD port of MIT Kerberos and my symptoms are a bit different, so I'm
starting a new thread.
My
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 Jan 2009 at 16:23 (-0500), Tom Yu wrote:
The get_in_tkt APIs are deprecated in favor of the get_init_creds APIs.
I know that this fact is probably not well-documented.
Tom,
Yes, I've been aware of this for some time. Unfortunately,
Mike Friedman mi...@berkeley.edu writes:
What error shows up in the KDC logs during those failure conditions?
One example is this:
CLIENT KEY EXPIRED: mi...@berkeley.edu for
krbtgt/berkeley@berkeley.edu, Password has expired
As I said in my later note, it's not just my API code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 Jan 2009 at 17:09 (-0500), Tom Yu wrote:
Mike Friedman mi...@berkeley.edu writes:
CLIENT KEY EXPIRED: mi...@berkeley.edu for
krbtgt/berkeley@berkeley.edu, Password has expired
As I said in my later note, it's not just my API
Mike Friedman mi...@berkeley.edu writes:
But the fact that kinit seems to be acting the same way would appear to be
the significant point.
Yes.
Here's what getprinc shows:
kadmin.local: getprinc mikef
Principal: mi...@berkeley.edu
Expiration date: [never]
Last password
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 Jan 2009 at 17:44 (-0500), Tom Yu wrote:
Do you get this sort of mismatched error code for a client principal
that does not have REQUIRES_PRE_AUTH set?
Tom,
With 1.6.3 kinit, without REQUIRES_PREAUTH, I now get the expected
message: