C
christiana
Hello,
I'm working on a kerberos project, involving windows 2000
user login using kerberos. Windows 2000 Kerberos
Authentication white paper has been a good resource, but
unfortunately it doesn't answer some of my concerns as I
might need to replace the GINA in the windows 2000 in order
to achieve what I want.
I need to know, when the authentication failed because KDC
returns KDC_ERR_PREAUTH_REQUIRED or KDC_ERR_KEY_EXPIRED,
upon capturing the error, how does the KDC tell GINA about
the failure ? Will GINA be able to know the exact cause of
the error SSP (KDC_ERR_PREAUTH_REQUIRED or
KDC_ERR_KEY_EXPIRED) or will SSP hide the actual error code
from GINA ? If it doesn't tell GINA the actual error code,
how does GINA know that it's supposed to prompt user for
new password in the case of KDC_ERR_KEY_EXPIRED.
Which program is responsible to log the kerberos error to
event viewer ?
thank you,
christiana
I'm working on a kerberos project, involving windows 2000
user login using kerberos. Windows 2000 Kerberos
Authentication white paper has been a good resource, but
unfortunately it doesn't answer some of my concerns as I
might need to replace the GINA in the windows 2000 in order
to achieve what I want.
I need to know, when the authentication failed because KDC
returns KDC_ERR_PREAUTH_REQUIRED or KDC_ERR_KEY_EXPIRED,
upon capturing the error, how does the KDC tell GINA about
the failure ? Will GINA be able to know the exact cause of
the error SSP (KDC_ERR_PREAUTH_REQUIRED or
KDC_ERR_KEY_EXPIRED) or will SSP hide the actual error code
from GINA ? If it doesn't tell GINA the actual error code,
how does GINA know that it's supposed to prompt user for
new password in the case of KDC_ERR_KEY_EXPIRED.
Which program is responsible to log the kerberos error to
event viewer ?
thank you,
christiana