On Wed, Feb 26, 2014 at 4:04 PM, Eirik Bjørsnøs <[email protected]> wrote:
> Hi, > > I'm trying out KdcConnection using Microsoft Active Directory as KDC. > > On getTgt, I first get KRB5KRB_ERR_PREAUTH_REQUIRED. KdcConnection > retries with a PaEncTsEnc added to the request. > > The response to this second request is KDC_ERR_PREAUTH_FAILED. > > Any idea why that would happen? > > no, do you have any logs from AD? you can raise a JIRA here https://issues.apache.org/jira/browse/DIRKRB and attach the logs and any other details. I have never tested this client against AD (due to lack of access) > My understanding is that pre authentication involves encrypting a hash > of the current timestamp. > > Any reason this could fail when talking to AD? > > Thanks, > Eirik. > -- Kiran Ayyagari http://keydap.com
