Which Derrick is close, he had a few bugs in his description.
He is correct that you need to get a shared key, of the form
[EMAIL PROTECTED] You should make sure, as he
said, that the *key* is the same, not necessarily the password (i.e.,
make sure that the output from the string-to-key is the same, or that
you are using the same string-to-key function to generate a key from a
password).
One bug in Derrick's description is regarding the KVNO. You should
make sure that the kvno of the shared keys Match on both sides (i.e.,
they have the same kvno). Be aware that if you are using the
kaserver, you *cannot* set the kvno of a krbtgt key (This is a bug I
found about 2 years ago, and it has never been fixed!) So be careful
about this.
The rest of Derrick's description is correct.
Hope this helps
-derek
Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
[EMAIL PROTECTED] PP-ASEL N1NWH PGP key available
