Not getting KDC_ERR_KEY_EXPIRED from Win2K Kerberos service

From: Simon (stuffandting_at_gmail.com)
Date: 06/20/05

    Date: 20 Jun 2005 03:01:09 -0700
    
    

    I'm trying to configure my UNIX and Linux boxes to authenticate via
    Kerberos services provided by Win2K. Things are mostly working except
    for expired passwords - login is still allowed on the Unix/Linux boxes
    even after passwords have either passed the age limit or been set to
    "change on next logon". I have traced this down to the Windows 2000
    Kerberos service not replying to the client with a
    "KDC_ERR_KEY_EXPIRED" error.

    I have set up Kerberos on UNIX and compared the traces, and indeed this
    is the message that should be returned (and is by the UNIX Kerberos
    server) to prompt for a password change.

    So, what is the reason that MS Kerberos service doesn't respond
    correctly? Server is Windows 2000 SP4. Is there a setting somewhere
    that would affect this response?

