Steve Syfuhs

Results 83 comments of Steve Syfuhs

I own a good chunk of the authentication stack in Windows and I can say with certainty that this is not a thing that can be done easily. There is...

There are a handful of knobs you can use to make it work well.

* `KerberosClient` is per-user meaning that if you only ever have a single identity for the...

TGT will renew as it nears expiration. Service tickets will not. That's another reason to keep calling GetServiceTicket. Avoid calling Authenticate repeatedly. It will always get a new TGT. You...

Whenever you get an exception from GetServiceTicket telling you to.

Specifically the call to `GetServiceTicket` will throw an exception `InvalidOperationException("Cannot request a service ticket until a user is authenticated")`. I would avoid doing it on all exceptions, as you could...

Are there any logs from MIT about the request? Can you enable verbose/debug logging? The error itself is that the client timed out waiting for the KDC to send it...

The name formatted in the log looks a bit fishy. Can you try setting the `DefaultNameType` to something like `PrincipalNameType.NT_ENTERPRISE`

```
client.Configuration.Defaults.DefaultNameType = PrincipalNameType.NT_ENTERPRISE
```

CORRECTION: NT_PRINCIPAL

So it looks like it's the same issue as this: https://github.com/dotnet/Kerberos.NET/issues/270

I'd guess there's a bug somewhere along the way that's rewriting the name type back to NT_ENTERPRISE.

Grr, hit submit too early. Can you try setting the PrincipalNameType on the credential itself?

```
var credentials = new Kerberos.NET.Credentials.KerberosPasswordCredential("iwasvc", "password", "macsux.dc")
{
    PrincipalNameType = PrincipalNameType.NT_PRINCIPAL
};
```