HP CIFS Server and Kerberos
16
“Maximum Lifetime” for the “User Ticket” (set on the KDC) expires. This allows the client to request
services from the domain without re-authenticating. In this example we have ignored the Kerberos
encryption types, but these encryption types will be the focus of the majority of the subsequent data
and discussion.
After the user has been successfully authenticated into the domain, it now maps a share to a CIFS
server: \\atcux5\buffy. The XP client initially requests a TGS from the KDC for the atcux5 cifs service
in the machine name of the client: HPATCCLI2$. The KDC grants the TGS ticket request,
but the HP CIFS Server rejects it because the machine name of the client is not valid (see below).
The HP CIFS Server recognizes domain users – not domain machines – and thus the session_setup
results in a STATUS_LOGON_FAILURE.