On 09/05/2015 02:53 AM, Russ Allbery wrote:
>>> Sep 4 22:48:34 mithrandir krb5kdc[12868]: AS_REQ (6 etypes {18 17 16 23 25
>>> 26}) 127.0.0.1: KDC_RETURN_PADATA: WELLKNOWN/anonym...@eyrie.org for
>>> krbtgt/eyrie@eyrie.org, Cannot create cert chain: certificate signature
>>> failure
> This
Hi all,
After we updated to Windows 2012R2, we noticed that the KDC already
returns KRB_AP_ERR_TKT_EXPIRED during the last 120 seconds of ticket
lifetime, which can cause problems with authentication and ticket renewal.
Before, tickets were accepted right up to the end of the ticket
lifetime.