All,

I've been trying to set up a control to be able to develop the S4U extensions in the Kerberos client. I've gotten the ticket to the point that the Windows KDC does not throw an "unknown" error, primarily by changing the encryption type to RC4-HMAC. Now the KDC is telling me pre-authentication fails. I've got kinit working, so I know it's not a password issue, time synchronization or configuration issue.

One thing I don't understand is, how does the KDC know what the encrypted timestamp should be? I know it's encrypted by the client, but what is it comparing it to? Is the plain text timestamp stored in the request ticket with the pre-authentication data?

Thanks,
Marc
