Re: "shishi user SERVICE" borked?

From: Elrond
Subject: Re: "shishi user SERVICE" borked?
Date: Sat, 22 Apr 2006 12:39:15 +0200
User-agent: Mutt/1.5.9i

Okay, this gets weird.

Base result: shishi works.

For the fun / which starts to confuse me:

    I have service accounts in my heimdal-kdc that work,
    and I have ones, that don't. I can't really see the
    difference.  Even doing a "cpw -r broken/service"
    (which makes new keys), doesn't help those services.
    Newly created principals usually work.

    clock skew:
        If the w2k3-box is 21seconds ahead of my local box,
        I get some "generic error" as TGT time.
        If my local box is about a minute ahead, I can at
        least get a TGT.
    service tickets:
        Do not work.

What would help you next? For the w2k3-kdc, I can do nearly
everything, including sending you -v*4 and network
captures. For the heimdal one, I have to see (it's half
toy, half real.)


