[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

KRB5KRB_AP_ERR_MODIFIED during protocol transition




I am trying to do Protocol Transition using the Heimdal-0.8 library
implementation.
I am using the following command to initiate protocol transition:
kgetcred --impersonate=<user> <service>

In the packet traces I see that the client sends a TGS-REQ with PA-Data 129
(S4U2Self extension) to request the service ticket from the KDC (Win 2003
server) for the specified service. But the KDC is returning an error:
KRB5KRB_AP_ERR_MODIFIED. The format of the PA-Data type 129 looks okay
(Principal name, Realm, Checksum + "Kerberos"). I cannot
verify the checksum, there may be something wrong while calculating it. Does
anyone has any idea, what could be going wrong? I can upload the trace if
required.

I searched in the archives, about Protocol Transition and there was one
discussion about the PA-Data type 129. Has anyone been able to successfully do
Protocol Transition using
the Heimdal kerberos libs.

Thanks and Regards,
Gaurav