>>>>> "john" == John Hascall <[EMAIL PROTECTED]> writes:
john> We are running OpenAFS 1.2.11, but not kaserver, john> we are running MIT Kerberos 1.2.6 (but not on the "afs db servers"), john> we are using the kaforwarder/fakeka stuff. john> For most of our users this works fine. I have one user john> who can't authenticate his PC. What OS? What software is failing? Are initial tickets obtained? john> I am seeing the following packets arrive at the afs db server john> which look like some sort of a K5 request for an afs ticket: What port are they arriving on? And on UDP, I presume? From the failing client's IP address? More information would be useful. john> 6303373b766d61124537XXXXXXXX0000494153544154452e4544550067710e403f6166730000 john> c . 7 ; v m a . E 7 u s e r . . I A S T A T E . E D U . g q . @ ? a f s . . I'm not sure, but the tail bit of it looks like part of a krb4 initial ticket request by "user" for "[EMAIL PROTECTED]", with lifetime 5 hours 15 minutes, around 21 January 2004 (assuming little-endian). The use of nul bytes after certain string components strongly implies krb4. Of course, I'm not sure how a kaserver request would look, so I could be mistaken. Any OpenAFS people want to speak up about this? john> except the first byte (packet type) of 0x63 seems to be unknown. john> Any ideas what this is? I have no idea what the preceding stuff is; perhaps it is some kaserver stuff. It is almost definitely not krb5. The leading 0x63 could be for "constructed [APPLICATION 3]" in ASN.1, but having a length descriptor of "3" makes it unlikely to be real ASN.1, given the other stuff. Also, that [APPLICATION 3] tag would make it an EncTicketPart, which the rest of it does not appear to be, and an EncTicketPart would have been in encrypted form anyway. ---Tom ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
