Surendra Babu A wrote:
> And one more thing: I am using Windows 2003 exchange server as my KDC server. AD does have alert messages about KDC failures. Note that the password is never sent to the KDC. The KDC can only detect a failure if pre-auth is used, and the client returns a pre-auth response encrypted in the wrong key generated from the wrong password and salt. > > Please let me know your thoughts. > > Thank you, > -Surendra > ----- Original Message ----- > From: Surendra Babu A > To: [email protected] > Sent: Thursday, February 02, 2006 12:58 PM > Subject: Shall I capture Kerberos-password failure error message ALONE? > > > Hi Kerbros Team, > > If I enter the wrong passowrd at KDc client, the KDC server gives the > response of PREAUTH_FAULRE error. Right? > > 1. Is there anyway, i can get password failure error message? Is it true > that > "Password verification will be done before sending preauth failure > message?" > > > 2. Can I capture the error message of password failure alone (regardless of > preauth failure error?) That means, if I enter the wrong password, the KDC > server should reply with error. If I enter correct password, KDC should > respond with SUCCESS message (without considering the preauth failure error). > Is it possible with krb5 code? > > Please let me know your thoughts. Thank you. > -Surendra > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
