Preauth / AES / MIT Kerberos / TGT des3-cbc-sha1
Greg Hudson
ghudson at mit.edu
Mon Feb 12 11:53:02 EST 2018
On 02/12/2018 10:37 AM, John Tang Boyland wrote:
> What's going on? Does MIT kerberos not actually support AES256?
Check the keys for the krbtgt/<REALM> principal entry. The ticket will
always be encrypted in the first of those keys. I suspect that key is des3.
To explain your three different results:
1. When you use kinit normally, the KDC chooses aes256-cts to encrypt
the reply (you can't see this), des3 to encrypt the ticket, and probably
des3 for the session key.
2. When you use "kinit -e aes128-cts", the KDC can't find a match
between the request enctypes and the client principal keys, since the
client principal has only an aes256-cts key. The KDC should respond
with a "KDC has no support for encryption type" error, but instead it
says something nonsensical: "you have to do preauth, but I don't have
any preauth mechs which will work". I will file a ticket for this KDC
behavior. The Apple kinit has a special error message for this
response, which could probably be improved (but not by a lot; it's hard
to say something useful to a user in this case).
3. When you restrict the request enctypes to aes256-cts aes128-cts
through configuration, the KDC can't select a session key enctype
agreeable to both the request and the server (it assumes that the
server, in this case krbtgt/<REALM>, can only support ticket session
keys matching the enctypes it has keys for). So it responds with a "KDC
has no support for encryption type" error.
More information about the Kerberos
mailing list