Date: Fri, 11 Oct 2024 18:30:48 +0300
From: Gleb Popov <arrowd@freebsd.org>
To: Cy Schubert <Cy.Schubert@cschubert.com>
Cc: freebsd-hackers <freebsd-hackers@freebsd.org>
Subject: Re: Why Kerberos performs account management before authentication?
Message-ID: <CALH631n5LSoPdKCHEvOWG0ySa2gkVaN8eBNcswYsUk71xhHsyw@mail.gmail.com>
In-Reply-To: <20241011150941.C2966203@slippy.cwsent.com>
References: <CALH631kPsbYakfANCqzCDKRKqL=gDs5qWpFp1FNn7EV%2B%2BqT=Gg@mail.gmail.com> <20241011150941.C2966203@slippy.cwsent.com>
On Fri, Oct 11, 2024 at 6:09 PM Cy Schubert <Cy.Schubert@cschubert.com> wrote:
>
> I just tested this on my MIT KRB5 KDC. I created a principal and expired it
> at 0800U (my timezone U = PDT). Here are the results:
>
> slippy$ kinit cytest
> cytest@CWSENT.COM's Password:
> kinit: Password incorrect
>
> My MIT KRB5 KDC returns password incorrect to the FreeBSD Heimdal kinit for
> the expired principal.
>
> slippy$ /usr/local/bin/kinit cytest
> Password for cytest@CWSENT.COM:
> kinit: Password incorrect while getting initial credentials
> slippy$
>
> It also returns password incorrect to the MIT KRB5 kinit.
>
> What you're seeing is M$ A/D behavior.
>

This is peculiar. Thanks for conducting the test! I'll try this out myself too.