Forum Discussion
Steve_Lyons
Mar 02, 2019Ret. Employee
Single domain forest with KDC defined. A tcpdump was taken from the BIG-IP and a Wireshark capture from the KDC.
KRB5KDC_ERR_PREAUTH_REQUIRED KRB5KRB_ERR_RESPONSE_TOO_BIG AS-REQ AS-REP TGS-REQ TGS-REP pa-data pa-s4u-X509-user padata-type:kRB5-PADATA-FOR-X509-USER (130)
The padata is the one thing that does not seem to always be consistent but I have no idea if that is an issue or not. My expectation would be that each TGS-REP from the KDC would be identical as it is for the same exact user/principal/service. I see some responses with padata and others without.