Need help interpreting krb5kdc log file, specifically etypes

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Jul 18 09:36:55 EDT 2006


alextc at microsoft.com wrote:

> I have one more question, regarding the negative values in my krb5kdc.
> So if I look at the entry in the log:
> Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7
> etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime
> 1153149597, etypes {rep=
> 23 tkt=23 ses=23},
> By looking at the table in RFC 3961 I know that the issued token was
> encrypted with RC4, but when I look at the etypes proposed by the
> client (etypes {23 -133 -128 3 1 24 -135})  I see some negative values
> that are not in the RFC 3961 table. The client is Windows XP
> workstation SP2. Does anybody know what those negative values
> represent?
> Thanks.
> Alex.

Negative values are reserved for private use by implementers.
>From the Microsoft Windows Platform SDK ntsecapi.h:

#define KERB_ETYPE_RC4_MD4          -128    // FFFFFF80
#define KERB_ETYPE_RC4_PLAIN2       -129
#define KERB_ETYPE_RC4_LM           -130
#define KERB_ETYPE_RC4_SHA          -131
#define KERB_ETYPE_DES_PLAIN        -132
#define KERB_ETYPE_RC4_HMAC_OLD     -133    // FFFFFF7B
#define KERB_ETYPE_RC4_PLAIN_OLD    -134
#define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
#define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
#define KERB_ETYPE_RC4_PLAIN        -140
#define KERB_ETYPE_RC4_PLAIN_EXP    -141

Jeffrey Altman



More information about the Kerberos mailing list