krb5-1.8 fails to verify MS PAC Checksum when AES 256 is used causing sshd to fail

Luke Howard lukeh at
Thu Jul 1 07:25:12 EDT 2010

Does it fail with KRB5_BAD_ENCTYPE? We can change krb5_rd_req_decoded_opt() to try all the keys in the keytab if krb5int_authdata_verify() fails with the key that decrypted the ticket.

-- Luke

More information about the krbdev mailing list