encryption type used by windows client for AS-REQ

Lara Adianto m1r4cle_26 at yahoo.com
Fri Jun 4 05:44:55 EDT 2004


I have a doubt about the AS-REQ mechanism between a
windows client and an MIT KDC.

When the windows client sends an AS-REQ to the KDC,
the AS-REQ contains a preauthentication data (the
timestamp) which is encrypted using the key generated
from the hash of the user's password.

My question is: how does the windows kerberos client
know which encryption type that it must use for the
encryption of this preauth-data ? As far as I know,
the default encryption type for windows kerberos is
RC4-HMAC, but MIT Kerberos only supports DES-CBC-CRC
and DES-CBC-MD5. So, how does windows kerberos client
know that it shouldn't use RC4-HMAC ?

I've configured this scenario in my simulation, but
can't figure out how the windows client determines the
appropriate encryption type for
preauthentication-data. The ksetup doesn't specify
anything about the encryption type right ?


La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -

Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.

More information about the Kerberos mailing list