Invalid key generation parameters from KDC while trying to change password.

Benjamin Kaduk kaduk at MIT.EDU
Thu Oct 24 15:34:59 EDT 2013


On Wed, 23 Oct 2013, Edgecombe, Jason wrote:

> Hi Everyone,
>
> Thanks to Ben Kaduk and others on IRC, I solved the problem.  The 
> problem was with my supported_enctypes line in kdc.conf.  The newer 
> version of Kerberos didn't like some of my enc_types. I got "kdb5_util 
> create" to work on 1.11 with only DES types or removing the 
> supported_enctypes line entirely.
>
> Along the way, I found that I have to change my AD cross-realm to use 
> AES instead of rc4-hmac:normal before I can upgrade. :(

Hi Jason,

I was able to reproduce your issue locally, and I believe I now understand 
the nature of the problem.  (Incidentally, 'kdb5_util create' will not 
reproduce the issue on master or 1.12, since commit 
1c84a94d25d62e4f78c09464f5ef9bd30bbb1e3e caused the kadm5 principals to be 
created with a random key directly instead of going through a password. 
I think there would still be problems when creating other principals with 
passwords, though.)

As a workaround, you should be able to move the des-cbc-crc:afs3 enctype 
to be the last entry in your supported_enctypes list, and put AES/RC4 
enctypes before that enctype.

The issue stems from the loop over key/salt-type pairs in add_key_pwd() 
(lib/kdb/kdb_cpw.c); we have a local variable to hold the string-to-key 
parameters which is normally set to NULL to indicate the default 
parameters.  Only in the afs3-salt case do we set it to something else, 
which happens to be a krb5_data structure of length 1 with value 1.  This 
magic value is interpreted by the DES family of string-to-key routines as 
meaning the afs3 salt.  The problem is that we don't reset it back to NULL 
before processing the next enctype.  The triple-DES family completely 
ignores the passed parameters, but both RC4 and AES (and camellia) do some 
checking on it, returning the error which translates to the text you see.

The fix should appear in the 1.12 release, and is simple enough that we 
should be able to backport it easily.

Thanks for pointing out the error.

-Ben
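The stale string-to-key parameter that Ben describes, as an added illustration (a constructed model of the add_key_pwd() loop, not MIT's kdb_cpw.c; the enum names, `s2k_data` and `add_key_pwd_model` are assumptions). The same function runs the buggy loop and the fixed loop, and also shows why the reorder-afs3-to-last workaround sidesteps the bug:

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model of the key/salt-type loop in add_key_pwd(); not MIT's code. */
enum enctype  { ENC_DES_CBC_CRC, ENC_DES3_CBC_SHA1, ENC_RC4_HMAC, ENC_AES256_CTS };
enum salttype { SALT_NORMAL, SALT_AFS3 };
typedef struct { enum enctype enc; enum salttype salt; } ks_tuple;
typedef struct { size_t length; const char *data; } s2k_data;   /* stands in for krb5_data */

/* Per-family handling of the parameters, as the mail describes: DES understands the
 * length-1 value-1 afs3 magic, triple-DES ignores params, RC4/AES reject non-NULL. */
static int string_to_key(enum enctype enc, const s2k_data *params)
{
    switch (enc) {
    case ENC_DES_CBC_CRC:   return 0;                        /* NULL or afs3 magic both fine */
    case ENC_DES3_CBC_SHA1: return 0;                        /* parameters ignored */
    default:                return params == NULL ? 0 : -1;  /* RC4, AES: bad-params error */
    }
}

/* Walk a supported_enctypes list.  Returns 0 if every key derives, otherwise the
 * 1-based position of the entry whose string-to-key call failed.
 * reset_each_iteration == 0 models the bug; 1 models the fix. */
static int add_key_pwd_model(const ks_tuple *ks, size_t n, int reset_each_iteration)
{
    static const char afs3_magic = 1;
    static const s2k_data afs3_params = { 1, &afs3_magic };
    const s2k_data *s2k_params = NULL;      /* declared outside the loop, as in the bug */
    for (size_t i = 0; i < n; i++) {
        if (reset_each_iteration)
            s2k_params = NULL;              /* the fix: back to default parameters */
        if (ks[i].salt == SALT_AFS3)
            s2k_params = &afs3_params;      /* only the afs3 salt sets it */
        if (string_to_key(ks[i].enc, s2k_params) != 0)
            return (int)i + 1;
    }
    return 0;
}

/* Sample lists (constructed): afs3 before AES, as in a failing kdc.conf; afs3 moved last. */
static const ks_tuple afs3_first[] = { {ENC_DES_CBC_CRC, SALT_AFS3}, {ENC_AES256_CTS, SALT_NORMAL} };
static const ks_tuple afs3_last[]  = { {ENC_AES256_CTS, SALT_NORMAL}, {ENC_RC4_HMAC, SALT_NORMAL},
                                       {ENC_DES_CBC_CRC, SALT_AFS3} };

int main(void)
{
    printf("afs3 first, buggy loop: failed at entry %d\n", add_key_pwd_model(afs3_first, 2, 0));
    printf("afs3 first, fixed loop: %d; afs3 last, buggy loop: %d\n",
           add_key_pwd_model(afs3_first, 2, 1), add_key_pwd_model(afs3_last, 3, 0));
    return 0;
}
```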
