>>>>> "Ken" == Ken Hornstein <[EMAIL PROTECTED]> writes:
>> Unfortunately, PREAUTH_FAILED corresponds to the password being deemed
>> incorrect, since we have requires_preauth on all user principals.
Ken> Ever hear of the phrase, "a little knowledge is dangerous"? :-)
Ken> KRB5_PREAUTH_FAILED is an internal client-side library error.
Ken> KRB5KDC_ERR_PREAUTH_FAILED is returned by the KDC when preauth has failed.
Hmm, I would have gotten this one wrong too.
As a side note, 1.3 KDCs should return decrypt integrity check not
KRB5KDC_ERR_PREAUTH_FAILED for incorrect password with preauth.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
