>Now I'm having another problem with my 1.6.1 (RedHat Linux) test KDC. It
>seems that if I set the REQUIRES_PWCHANGE attribute for a principal and
>try to authenticate with an invalid password, I get back a return code of
>31 ('decrypt integrity check failed'), instead of a 23 (password expired).
>The KDC log actually shows 'REQUIRED PWCHANGE' in the reply to the AS_REQ,
>yet I'm still getting a return code of 31!
>
>(My code depends on the RC=23 to verify that the REQUIRES_PWCHANGE
>attribute is, in fact, set. This code has been running successfully for
>years on earlier KDC versions, 1.4.2 currently, though not on Linux
>systems).
Dude,
May I humbly suggest that maybe, just maybe, for something like you KDC
you NOT rely on some pre-compiled binary compiled by god-knows-who with
god-knows-what options? Judging by what you're posting, something seems
to be majorly wrong here ... at least with error reporting.
(And at the very least, you could always compile with debugging turned on
to try to track down the problem).
--Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
