krb5-1.8 fails to verify MS PAC Checksum when AES 256 is used causing sshd to fail

Tom Yu tlyu at MIT.EDU
Thu Jul 1 16:58:50 EDT 2010

"Douglas E. Engert" <deengert at> writes:

> On 7/1/2010 9:25 AM, Luke Howard wrote:
>> See attached, untested patch. This could be optimised by mapping the
>> checksum type to an enctype (is there API for this?) and then
>> calling krb5_kt_get_entry() rather than enumerating the keytab, but
>> we still need to enumerate the keytab if server == NULL to handle
>> aliases.
> Thanks for the quick response of a patch. I applied the patch to 1.8
> for testing with some changes to replace the "for" with an if and
> while loop. See attached patch with some additional debuging output
> added.
> With the AD account entry attribute msDS-SupportedEncryptionTypes = 4
> (RC4 only) The first verify works.
> With msDS-SupportedEncryptionTypes = 16 (AES256) The first verify
> fails as expected, and the keytab is searched, and each key is
> tried. But the RC4 key (23) gets a KRB5KRB_AP_ERR_BAD_INTEGRITY as the
> compare of the computed and supplied checksums don't match.

Didn't Richard Silverman recently see something like this behavior?
I think we haven't been able to track it down yet.

More information about the krbdev mailing list