Does anybody know: Enctype used to encrypt authenticator?

Mark Pröhl mark at mproehl.net
Fri Feb 8 11:00:15 EST 2013


Am 08.02.2013 10:09, schrieb Tom_Krauss:
> Hi,
>
> I understood that a client sends two items in an AP-REQ to a service.
> The service ticket and an authenticator.
>
> The authenticator is encrypted with the session key known only to client and
> server and it contains
> a timestamp and principal of the client. So when the server decrypts the
> authenticator with the session key provided to him by the ticket and finds a
> good timestamp and the name of the principal matches the client he is happy
> to serve.
>
> What I do not understand is how the client chooses the enctype to use with
> the session key to build the authenticator.
>
> How does he know to choose an enctype that is supported by the server?
>
> Does anybody know this?
>
> Thanks in advance and cheers
>
> Tom
Hi,

the encryption type of the session key is determined by the KDC. So it 
is the KDC that must know what enctype the server supports.

Cheers,

Mark



More information about the Kerberos mailing list