krb5_pac_verify and server key enctype extraction

Natalie Li Natalie.Li at Sun.COM
Mon Jul 20 11:41:49 EDT 2009

Luke Howard wrote:
>> Just to clarify, we're interested in the enctype associated with the 
>> server's long-term key that was used to decrypt the krb ticket 
>> carried in the KRB_AP_REQ, not the session key. Do we have an API to 
>> extract that information from GSS context?
> Not that I'm aware of. You can enumerate the keytab, looking for a key 
> with a mandatory checksum type that matches that in the PAC.
> -- Luke
Yes, we do something similar to your above suggestion for now. Thanks 
for confirming that there isn't any API for extracting tik enctype.



More information about the krbdev mailing list