[19659] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: krb5 1.15 interop with Windows 2000

daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Mon Sep 18 17:52:28 2017

Date: Mon, 18 Sep 2017 16:52:12 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Weijun Wang <weijun.wang@oracle.com>
Message-ID: <20170918215212.GL96685@kduck.kaduk.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <C4674B0E-E0A4-49FC-9F0C-549722F4BAFD@oracle.com>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Mon, Sep 18, 2017 at 11:06:20PM +0800, Weijun Wang wrote:
> 
> 
> Just tried some different combinations of default_tkt_enctypes. This error only happens when aes256-sha2 is placed before rc4-hmac. All other etypes are safe.
> 
> BTW, the server does not complain with its 1st PREAUTH_REQUIRED response, and in my 2nd AS-REQ, if I provide a wrong password, the error is PASSWORD_INCORRECT. Only if I provide the correct password it returns this error. Seems like it decides to choose etype of 20 but only realize it's not supported after a while.

Just noting that this thread would be on-topic for the kitten@ietf.org list
if you wanted to mention it there.

-Ben
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post