Windows 2008 R2 problems

Markus Moeller huaraz at moeller.plus.com
Sat Oct 30 15:38:44 EDT 2010


If I use RC4-hmac it works but AES 128/256 fail on Windows 2008 R2 although 
AES 128/256 works on 2008. Can anybody confirm ? Has 2008 R2 changed 
something compared to 2008 ?

Thank you
Markus

"Markus Moeller" <huaraz at moeller.plus.com> wrote in message 
news:iah61u$rak$1 at dough.gmane.org...
> Stepping through the debugger.  I get an error here:
>
> in krb5int_dk_decrypt  from dk_aead.c using MIT 1.8.3
>
> 260
> 261     /* Compare only the possibly truncated length. */
> 262     if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
> 263         ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
> 264         goto cleanup;
> 265     }
>
> which I think does not relate to the new mech type. Any idea what to look
> for ?
>
> Thank you
> Markus
>
>
> "Markus Moeller" <huaraz at moeller.plus.com> wrote in message
> news:iafjbr$soe$1 at dough.gmane.org...
>>
>> "Simo Sorce" <ssorce at redhat.com> wrote in message
>> news:20101029175054.721e9fa9 at willson.li.ssimo.org...
>>> On Fri, 29 Oct 2010 22:26:36 +0100
>>> "Markus Moeller" <huaraz at moeller.plus.com> wrote:
>>>
>>>> Hi
>>>>
>>>>   I try to use a Windows 2008 R2 server together with MIT libraries
>>>> 1.8.1 for Negotiate authentication. It works fine with 2008 but 2008
>>>> R2 seems to have implemented
>>>> http://www.ietf.org/id/draft-zhu-negoex-02.txt  which uses a new
>>>> mechtype 1.3.6.1.4.1.311.2.2.30.  Is this supported/tested with MIT
>>>> 1.8.1 ?
>>>
>>> NEGOEX is not implemented by any MIT version at this stage.
>>>
>>
>> So will it be ignored or does it create an error ?
>>
>>> Simo.
>>>
>>> -- 
>>> Simo Sorce * Red Hat, Inc * New York
>>> ________________________________________________
>>> Kerberos mailing list           Kerberos at mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>
>> Thank you
>> Markus
>>
>>
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 





More information about the Kerberos mailing list