[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

w2k not happy with 0.7


We just noticed that Windows 2000 can't get tickets from a heimdal
0.7.1 or 0.7.2 kdc. It sends a AS-REQ but doesn't seem to care much for
the reply it gets. We are using pre auth and my present theory is that
windows 2000 gets upset by the PA-PK-AS-REQ it gets as, according to
http://security.zhwin.ch/Kerberos_PKINIT.pdf, a w2k kdc never send a
PA-PK-AS-REQ but sticks to PA-PK-AS-REP. Unfortunately, I don't have
access to such a kdc.

Has anyone else seen this? Any suggestions for fixes or workarounds?

Bjorn Sandell               Chalmers University of Technology
IT Services       www.ita.chalmers.se      +46 (0)31 772 1000