Um, in the user account in AD, you can set an option to not require pre-auth. I would
reccommend that you do so. If you do not, then the AS_REP will be so big that the
Microsoft KDC will send it using TCP/IP instead of UDP/IP. Most clients will not
expect this.
There is an option you can se
Read that log again carefully. It's saying that the >client< time is 1989, not the
server time...
Clint (JOATMON) Chaplin
>>> "Tony Hoyle" <[EMAIL PROTECTED]> 10/2/02 13:59:03 >>>
OK I think I've found a problem. I found out how to enable logging
on the Win2k sid and got:
The function LogonU
At some point in the past, someone posted some information about Kerberos protocol
packet decoders. Now, when I need that info, I can't find it, and searching through
the archives with obvious keywords drew a blank.
Does someone remember this? Thanks!
Clint (JOATMON) Chaplin
How is the KDC user name/password protected? I understand that the KDC encrypts it,
which implies that the KDC must have the decryption key. But, of cource, the KDC must
persist this decryption key across reboots. So, this key must be persisted in a file
someplace.
If this is all true, then
Test
Clint (JOATMON) Chaplin
Maurice Wilkes recalls in his memoirs, "By June 1949, people had begun to realize that
it was not so easy to get a program right as had at one time appeared. I well remember
when this realization first came on me with full force. The EDSAC was on the top floor
o
