Need help interpreting krb5kdc log file, specifically etypes
Jeffrey Altman
jaltman2 at nyc.rr.com
Tue Jul 18 09:36:55 EDT 2006
alextc at microsoft.com wrote:
> I have one more question, regarding the negative values in my krb5kdc.
> So if I look at the entry in the log:
> Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7
> etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime
> 1153149597, etypes {rep=
> 23 tkt=23 ses=23},
> By looking at the table in RFC 3961 I know that the issued token was
> encrypted with RC4, but when I look at the etypes proposed by the
> client (etypes {23 -133 -128 3 1 24 -135}) I see some negative values
> that are not in the RFC 3961 table. The client is Windows XP
> workstation SP2. Does anybody know what those negative values
> represent?
> Thanks.
> Alex.
Negative values are reserved for private use by implementers.
>From the Microsoft Windows Platform SDK ntsecapi.h:
#define KERB_ETYPE_RC4_MD4 -128 // FFFFFF80
#define KERB_ETYPE_RC4_PLAIN2 -129
#define KERB_ETYPE_RC4_LM -130
#define KERB_ETYPE_RC4_SHA -131
#define KERB_ETYPE_DES_PLAIN -132
#define KERB_ETYPE_RC4_HMAC_OLD -133 // FFFFFF7B
#define KERB_ETYPE_RC4_PLAIN_OLD -134
#define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
#define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
#define KERB_ETYPE_RC4_PLAIN -140
#define KERB_ETYPE_RC4_PLAIN_EXP -141
Jeffrey Altman
More information about the Kerberos
mailing list