Can anyone tell me if there's a whitepaper or something that shows how MIT krb5 addresses interop with Win2k domain? Won't the win2k domain reject the TGS-REQ sent to it from a Win2k client that had obtained tickets from a krb5 KDC? I know that this works in the latest version of kerberos but I would like to see what was done in it to make it work. Here's a typical failure:
1. AS-REQ win2k client -> KRB KDC
AS-REP KRB KDC <- win2k_client
2. TGS-REQ win2k client -> KRB KDC
TGS-REP KRB KDC <- win2k client
3. TGS-REQ win2k client -> win2k DC & KDC
KRB-ERROR win2k DC & KDC <- win2k clientThis KRB-ERROR is expected if kerberos wasn't changed. The error would be KRB5KRB_AP_ERR_MODIFIED since the tickets/PAC would look like they are not compatible with Microsoft krb.
In which version of krb was this code inserted to overcome this issue? I would like to see the differences as I have the tree with me.
Thanks in advance for your assistance.
Regards, Zafar
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
