FYI, I succeeded getting basic preauth to work. The code is ugly, and you'll have to enter the password twice (once to generate the preauth and once to decrypt the AS-REP), and it doesn't handle non-default salts, but seem to work against MIT KDC.
I should clean this up, so it automatically send a preauth AS-REQ when it receive the KRB-ERROR response that indicate this problem, and only query for a password once. Note that you'll need to use -o preauth, or put 'preauth' in the configuration file. This is undocumented for now, because I don't think it should be required in the final release. Try tomorrow's nightly build, if you don't build from CVS. If it doesn't work, please run with 'shishi -v -v -v -v -o preauth foo' and send the output (which will contain the password, so use a dummy account). More later this week, first I should get gnutls 1.4.0 released... /Simon [EMAIL PROTECTED]:~/src/shishi$ src/shishi -d 1 ticket removed. [EMAIL PROTECTED]:~/src/shishi$ src/shishi jas2 Error code from server: Additional pre-authentication required Additional error message from server: NEEDED_PREAUTH Types of PA-DATA requested: 2, 11, 19, 13. Preauth required, try `-o preauth'. /home/jas/src/shishi/src/.libs/lt-shishi: Could not get ticket as `jas2' for `krbtgt/JOSEFSSON.ORG'. [EMAIL PROTECTED]:~/src/shishi$ src/shishi -o preauth jas2 Enter password for [EMAIL PROTECTED]': Enter password for [EMAIL PROTECTED]': [EMAIL PROTECTED]: Authtime: Wed Apr 19 18:06:15 2006 Endtime: Thu Apr 20 02:06:14 2006 Server: krbtgt/JOSEFSSON.ORG key des3-cbc-sha1-kd (16) Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16) Ticket flags: INITIAL PREAUTHENT (1536) [EMAIL PROTECTED]:~/src/shishi$ _______________________________________________ Help-shishi mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-shishi
