-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've been testing some Kerberos authentication code against both my MIT K5 KDC and a Windows Active Directory KDC. In both cases, I'm using pre-authentication. However, when I enter an incorrect password, the MIT KDC returns 31 (decrypt integrity check failure), whereas the AD KDC returns 24 (preauth failure). I'm just wondering what might account for the different responses.
In fact, this behavior doesn't cause me any problems, since I treat both as meaning that an incorrect password was entered. Is this just a difference in the way the two KDC implementations define the meaning of the return codes? Or might there be a difference in the way the principals are defined in the two KDCs? Thanks. Mike _____________________________________________________________________ Mike Friedman System and Network Security [EMAIL PROTECTED] 2484 Shattuck Avenue 1-510-642-1410 University of California at Berkeley http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu _____________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBRJCe6q0bf1iNr4mCEQI+bgCeLLYweH2/ZbbAsbFonI5d1Oz6yW0An1tB psubux0bChB7f8zKbsoxLMhp =D3SX -----END PGP SIGNATURE----- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
