Am 2021-10-21 um 21:38 schrieb Wei-Jun Wang:
KrbKdcReq throws the exception on line 55, so it is the previous check if (isAsReq && !req.reqBody.cname.equals(rep.cname) && ((!req.reqBody.kdcOptions.get(KDCOptions.CANONICALIZE) && req.reqBody.cname.getNameType() != PrincipalName.KRB_NT_ENTERPRISE) || !rep.encKDCRepPart.flags.get(Krb5.TKT_OPTS_ENC_PA_REP))) { rep.encKDCRepPart.key.destroy();throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);} So maybe it's the cname was changed, but I'm not sure about the flags. Can you send me some packets? Hopefully with a key tab or password so I can look into rep.encKDCRepPart.
I misread the block, of course it is this one. the crealm is changing an I am not providing an enterprise principal.
Sent you the pcap file. If this isn't enough, will prepare with a keytab. Michael
