
Re: heimdal 0.7.2 with Windows 2003 KDC





michel.brabants@euphonynet.be wrote:

> Hello,
> 
> some more information: when I type in a wrong password, I get
> "pre-authentication failed". When I type in the correct password, I get
> password incorrect.

Have you looked at a network trace? Ethereal can decode the KRB5 packets.
http://www.ethereal.com

Note that Windows treats the user as case insensitive, but the salt
is case sensitive. So to Windows User@REALM is the same as user@REALM.


> 
> Thank you and greetings,
> 
> Michel
> 
> 
>>Hello,
>>
>>I found the following interesting page -
>>http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1014058,00.html
>>, which describes encryption-capabilities of windows 2000 and windows 2003
>>with regard to kerberos. It also contains other information regarding
>>their kerberos-implementations. I hope this is useful to people.
>>
>>Greetings,
>>
>>Michel
>>
>>P.S: My questions are still open, but I'm looking how to detect if
>>pre-authentication is enabled or not.

Ethereal would show this.

>>
>>
>>>Hello,
>>>
>>>I'm trying to authenticate to a Windows 2003 KDC using kinit from heimdal
>>>0.7.2 on linux. My loginname is recognized, but I continuously get
>>>password incorrect, while I'm 99% sure that it is ok. I read that I should
>>>force DES, which didn't help. The samba docs said that with heimdal >0.6,
>>>you shouldn't force DES, which also didn't help.
>>>
>>>Is there an incompatibility at the moment? I had the impression that heimdal
>>>0.6.x worked, but I can't compile heimdal 0.6.6 with gcc 4.0.3.
>>>
>>>Any idea, if there is already a fix for this or if this is a known issue?
>>>
>>>Thank you,
>>>
>>>Michel
>>>
>>>P.s.: Is there a way to enable logging for kinit?
>>>
>>>
>>
>>
>>
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
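
The note in the reply above about the case-sensitive salt, worked through as an added example that is not part of the original message. It assumes the RFC 4120 default salt (realm followed by the name components, no separators) and uses the PBKDF2 stage of the RFC 3962 string-to-key purely as a stand-in for a salted string-to-key function; the realm, names and password are constructed.

```python
import hashlib

def default_salt(realm: str, principal: str) -> bytes:
    """RFC 4120 default salt: realm, then each name component, no separators."""
    return (realm + "".join(principal.split("/"))).encode("utf-8")

def salted_key(password: str, salt: bytes, iterations: int = 4096) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key, used here only as
    a stand-in for a salted string-to-key function (an assumption of this example)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, dklen=16)

def diagnose(realm: str, stored_name: str, typed_name: str, password: str) -> dict:
    """Compare the key the KDC holds with the key the client derives
    from the name as it was typed at the kinit prompt."""
    kdc_salt = default_salt(realm, stored_name)
    client_salt = default_salt(realm, typed_name)
    return {
        # Account lookup ignores case, so the principal is found either way.
        "account_found": stored_name.lower() == typed_name.lower(),
        "kdc_salt": kdc_salt,
        "client_salt": client_salt,
        # The derived key only matches when the salt matches byte for byte.
        "keys_match": salted_key(password, kdc_salt)
                      == salted_key(password, client_salt),
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for typed in ("Michel", "michel"):
        r = diagnose("EXAMPLE.COM", "Michel", typed, "correct horse")
        print(typed, r["account_found"], r["client_salt"], r["keys_match"])
```

Per RFC 4120 a KDC can advertise the salt it expects in ETYPE-INFO pre-authentication data, so a packet trace shows which salt to compare against.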