Re: Why Kerberos performs account management before authentication?
- In reply to: Cy Schubert : "Re: Why Kerberos performs account management before authentication?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 11 Oct 2024 15:30:48 UTC
On Fri, Oct 11, 2024 at 6:09 PM Cy Schubert <Cy.Schubert@cschubert.com> wrote: > > I just tested this on my MIT KRB5 KDC. I created a principal and expired it > at 0800U (my timezone U = PDT). Here are the results: > > slippy$ kinit cytest > cytest@CWSENT.COM's Password: > kinit: Password incorrect > > My MIT KRB5 KDC returns password incorrect to the FreeBSD Heimdal kinit for > the expired principal. > > slippy$ /usr/local/bin/kinit cytest > Password for cytest@CWSENT.COM: > kinit: Password incorrect while getting initial credentials > slippy$ > > It also returns password incorrect to the MIT KRB5 kinit. > > What you're seeing is M$ A/D behavior. > This is peculiar. Thanks for conducting the test! I'll try this out myself too.