KRB5KRB_AP_ERR_MODIFIED: MIT Kerberos 1.8.1 & arcfour-hmac-md5 session key
Richard Silverman
res at qoxp.net
Thu Jun 3 00:06:22 EDT 2010
On Wed, 2 Jun 2010, Greg Hudson wrote:
> On Wed, 2010-06-02 at 03:33 -0400, Richard E. Silverman wrote:
>> After upgrading to MIT Kerberos 1.8.1, I get KRB5KRB_AP_ERR_MODIFIED while
>> trying to authenticate to certain devices; so far, a NetApp filer, and
>> Windows hosts running BitVise WinSSHD and MS SQL Server (alll part of a
>> Windows AD realm).
>
> FYI, I tried reproducing this using MIT code on both ends (a 1.7 KDC and
> GSS sample server, and a 1.8 client) and wasn't able to get it to break.
Thanks for looking at it. I don't know that 1.7 is OK, though;
the latest release I know does *not* have the problem, is 1.6.3.
> That doesn't rule out a lot of possibilities since I didn't use actual
> Windows server components, but it does suggest that the problem might
> not be in the crypto layer per se, despite the fact that it works with
> DES and not with RC4.
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list