JAVA 1.6 and EncryptionTypes in AS-REQ are too Restrictive

Weijun Wang Weijun.Wang at sun.com
Thu Jul 15 20:57:36 EDT 2010 

Hi Douglas

Yes, we've noticed this and it's already fixed in OpenJDK. We're going 
to backport the fix to JDK 6 and 5.0 in their next update releases.

After the fix, the first and second AS-REQ always have the same etype 
field. If the AS-REQ is triggered by a username/password pair, it 
includes all etypes defined in default_tkt_enctypes. If by a keytab, 
etypes for available keys in the keytab.

Thanks
Weijun
Oracle Java SE Security Team

On 07/16/2010 03:57 AM, Douglas E. Engert wrote:
> Possible bug in Java 1.6?
>
>    Situation:
>      KDCs - mixed AD domain with 2008 and 2003 DCs.
>
>      Client - Java 1.6 program that uses Krb5LoginModule
>      (i.e. Java kinit, or application) can fail on MacOS, Ubuntu,
>       Solaris 10, Windows 7.
>
>       User - User has changed password since domain converted
>       to mixed 2008-2003.
>
> Client issues first AS-REQ listing in the etype field AES(128 and/or 256),
> DES3,RC4,DES as encryption types to 2008 KDC.
>
> KDC responds KRB5-ERROR PREAUTH_REQUIRED and lists the above encryption
> types (minus the DES3) in PA-ENCTYPES-INFO2
>
> Client sends second AS-REQ with PA-ENC-TIMESTAMP encrypted using AES(128 or 256)
> but in the etype field it only lists the single AES type used for the timestamp.
>
> Based on RFC 4120, sending only the single EncryptionType in the etype
> might be considered the bug? Or is the client being to zealous in
> trying to use only one EncryptioType?
>
>
> (With mixed 2008-2003 DCs, the TGT must use RC4, as the TGT might be
>    used against a 2003 DC that does not support AES. So DC returns
>    KDC_ERR_ETYPE_NOTSUPP (14) as it think the client can not handle RC4.)
>
> The MIT, Heimdal and Solaris kinit work fine as they return
> the same list of encryption Types in both the first and second AS-REQ, and
> the KDC can accept a encrypted timestamp in AES, and send a AS-REP using RC4.
>
> This may have limited exposure, as java 1.6 does not distribute a kinit
> accept on Windows. But the application with the problem gets its own TGT.
>
> The circumvention appears to be to add:
>      default_tkt_enctypes = arcfour-hmac-md5
> to the krb5.conf used by the Java application.
>

More information about the Kerberos mailing list