I believe that W2K3 is switching from UDP to TCP earlier than W2K. We had an issue with Solaris 8/9 working against W2K but not W2K3 (principle lengths) The response we had from Microsoft was that W2K switches from UDP to TCP at 2000 bytes and W2K3 switches at 1500 bytes. We were able to demonstrate working TCP functionality to W2K3 by using heimdal rather than MIT kerberos.
Simon -----Original Message----- From: Kevin Coffman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 23:04 To: 'Ben Cox'; [EMAIL PROTECTED] Subject: RE: string-to-key in Windows Server 2003 Most errors of this type (works against W2K, but not W2K3), that I have heard of, had to do with the 2003 server trying to switch to TCP because the packet has become too big. It seems that either they are putting more in the PAC, or W2K3 tries to switch earlier than W2K did. K.C. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Cox Sent: Thursday, June 26, 2003 4:49 PM To: [EMAIL PROTECTED] Subject: string-to-key in Windows Server 2003 We are attempting to authenticate against a Windows Server 2003 Active Directory Server and getting a preauthentication failure (preauth is enc-timestamp). We're using a key that we generated from the password and stored into a keytab; this works against a Win2K AD server but not against a 2003 server. Did the string-to-key algorithm change in Win 2003? (Or does it use a different mechanism for generating the salt?) Any info (or pointers to info) on this would be appreciated. -- Ben ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
