Not getting KDC_ERR_KEY_EXPIRED from Win2K Kerberos service

Simon

I'm trying to configure my UNIX and Linux boxes to authenticate via
Kerberos services provided by Win2K. Things are mostly working except
for expired passwords - login is still allowed on the Unix/Linux boxes
even after passwords have either passed the age limit or been set to
"change on next logon". I have traced this down to the Windows 2000
Kerberos service not replying to the client with a
"KDC_ERR_KEY_EXPIRED" error.

I have set up Kerberos on UNIX and compared the traces, and indeed this
is the message that should be returned (and is by the UNIX Kerberos
server) to prompt for a password change.

So, what is the reason that the MS Kerberos service doesn't respond
correctly? Server is Windows 2000 SP4. Is there a setting somewhere
that would affect this response?
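Added example, not part of the original post: one way to check a captured KDC reply for the error the post describes is to decode the KRB-ERROR message (RFC 4120, `[APPLICATION 30]`) and read its `error-code` field, which is 23 for KDC_ERR_KEY_EXPIRED. The function names and the sample reply (realm `EXAMPLE.COM`) are constructed for illustration; the code assumes the raw Kerberos message bytes, so for a TCP capture strip the 4-byte length prefix first.

```python
KDC_ERR_KEY_EXPIRED = 23   # RFC 4120 error code: password has expired
KRB_ERROR_TAG = 0x7E       # [APPLICATION 30], constructed

def tlv(tag, body):  # DER-encode one element (short or long length form)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos):  # -> (tag, value, next_pos); ValueError if truncated
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                       # long form: next k bytes hold the length
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def krb_error_code(reply):
    """Return the error-code of a KRB-ERROR, or None for any other message."""
    tag, body, _ = read_tlv(reply, 0)
    if tag != KRB_ERROR_TAG:
        return None
    _, fields, _ = read_tlv(body, 0)   # inner SEQUENCE
    pos = 0
    while pos < len(fields):
        ftag, val, pos = read_tlv(fields, pos)
        if ftag == 0xA6:               # error-code is context tag [6]
            _, raw, _ = read_tlv(val, 0)
            return int.from_bytes(raw, "big", signed=True)
    raise ValueError("KRB-ERROR without error-code")

def sample_krb_error(code):  # constructed sample reply, not a captured one
    ctx = lambda n, inner: tlv(0xA0 | n, inner)
    integer = lambda v: tlv(0x02, bytes([v]))      # values 0..127 only
    gstr = lambda s: tlv(0x1B, s.encode())         # GeneralString
    names = tlv(0x30, gstr("krbtgt") + gstr("EXAMPLE.COM"))
    sname = tlv(0x30, ctx(0, integer(2)) + ctx(1, names))
    fields = (ctx(0, integer(5)) + ctx(1, integer(30))
              + ctx(4, tlv(0x18, b"20040101000000Z")) + ctx(5, integer(0))
              + ctx(6, integer(code)) + ctx(9, gstr("EXAMPLE.COM")) + ctx(10, sname))
    return tlv(KRB_ERROR_TAG, tlv(0x30, fields))
```

A reply for which `krb_error_code` returns `None` (for example an AS-REP, tag `0x6B`) means the KDC issued a ticket instead of refusing the request.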
 
