KRB5KRB_AP_ERR_MODIFIED: MIT Kerberos 1.8.1 & arcfour-hmac-md5 session key

Greg Hudson ghudson at MIT.EDU
Wed Jun 2 18:22:34 EDT 2010


On Wed, 2010-06-02 at 03:33 -0400, Richard E. Silverman wrote:
> After upgrading to MIT Kerberos 1.8.1, I get KRB5KRB_AP_ERR_MODIFIED while
> trying to authenticate to certain devices; so far, a NetApp filer, and
> Windows hosts running BitVise WinSSHD and MS SQL Server (alll part of a
> Windows AD realm).

FYI, I tried reproducing this using MIT code on both ends (a 1.7 KDC and
GSS sample server, and a 1.8 client) and wasn't able to get it to break.

That doesn't rule out a lot of possibilities since I didn't use actual
Windows server components, but it does suggest that the problem might
not be in the crypto layer per se, despite the fact that it works with
DES and not with RC4.





More information about the Kerberos mailing list