[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

preauth_always option?



Hi,

It seems Windows records a "preauthentication failed" event log error
when the AS-REQ doesn't include pre-authentication data. This is a benign
error of course but it confuses people and is generally annoying. My
understanding is that preauthentication is pretty much required by
everyone this point no?

Does anyone have a patch to make get_in_tkt.c always send
preauthentication data?

For example, the following could indicate that the client should always
send KRB5_PADATA_ENC_TIMESTAMP preauthentication data:

  [libdefaults]
      preauth_always = 2

If not I'll make one and post it but I was hoping someone else had done
this already.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/