krb5_pac_verify and server key enctype extraction

Luke Howard lukeh at
Thu Jul 16 02:02:27 EDT 2009

> Just to clarify, we're interested in the enctype associated with the  
> server's long-term key that was used to decrypt the krb ticket  
> carried in the KRB_AP_REQ, not the session key. Do we have an API to  
> extract that information from GSS context?

Not that I'm aware of. You can enumerate the keytab, looking for a key  
with a mandatory checksum type that matches that in the PAC.

-- Luke

More information about the krbdev mailing list