GSS unwrap fails using RC4 session key instead of subkey
Michael B Allen
ioplex at gmail.com
Wed May 7 13:36:34 EDT 2025
When using the MIT Kebreros gss-client program to initiate an RC4 resource,
my acceptor implementation (custom, not sun Java) fails to unwrap() because
the MITK initiator is using the session key instead of the subkey.
My initiator unconditionally uses the subkey which works with gss-server
(and the Windows SSPI initiator or acceptor.
Presumably I'm screwing up some flag during the AP-REQ/REP exchange.
Unfortunately running gss-client with the -pass option results in
PREAUTH_FAILED whereas without gdb it strangely works.
Where does the MITK initiator select the session key vs the subkey?
Bonus question: Is there a trick to getting gdb to work with gss-client
-pass?
Mike
PS: Yes, RC4 is discontinued but I decided to support it so it needs to
work 100%.
--
Michael B Allen
Java AD DS Integration
https://www.ioplex.com/ <http://www.ioplex.com/>
More information about the Kerberos
mailing list