[19659] in Kerberos_V5_Development
Re: krb5 1.15 interop with Windows 2000
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Mon Sep 18 17:52:28 2017
Date: Mon, 18 Sep 2017 16:52:12 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Weijun Wang <weijun.wang@oracle.com>
Message-ID: <20170918215212.GL96685@kduck.kaduk.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <C4674B0E-E0A4-49FC-9F0C-549722F4BAFD@oracle.com>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, Sep 18, 2017 at 11:06:20PM +0800, Weijun Wang wrote:
>
>
> Just tried some different combinations of default_tkt_enctypes. This error only happens when aes256-sha2 is placed before rc4-hmac. All other etypes are safe.
>
> BTW, the server does not complain with its 1st PREAUTH_REQUIRED response, and in my 2nd AS-REQ, if I provide a wrong password, the error is PASSWORD_INCORRECT. Only if I provide the correct password it returns this error. Seems like it decides to choose etype of 20 but only realize it's not supported after a while.
Just noting that this thread would be on-topic for the kitten@ietf.org list
if you wanted to mention it there.
-Ben
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev