krb5-1.8 fails to verify MS PAC Checksum when AES 256 is used causing sshd to fail
Douglas E. Engert
deengert at anl.gov
Fri Jul 2 22:32:17 EDT 2010
On 7/2/2010 4:35 PM, Luke Howard wrote:
> On 02/07/2010, at 4:44 PM, Douglas E. Engert wrote:
>> On 7/1/2010 4:35 PM, Luke Howard wrote:
>>>> With msDS-SupportedEncryptionTypes = 16 (AES256) The first verify fails
>>>> as expected, and the keytab is searched, and each key is tried. But
>>>> the RC4 key (23) gets a KRB5KRB_AP_ERR_BAD_INTEGRITY as the compare
>>>> of the computed and supplied checksums don't match.
>>> Perhaps they're rc4-hmac with the AES key. (This really wouldn't surprise me. Ironically it might make the code path simpler.)
>> I was thinking along the same lines last night. I tried you second patch, and that did not work
>> getting these messages:
>> GSS-API error accepting context: Unspecified GSS failure. Minor code may provide more information
>> GSS-API error accepting context: Key size is incompatible with encryption type
> OK, so we need both patches?
No, just the one I sent for the checksum.c
>> The CKSUMTYPE_MD5_HMAC_ARCFOUR = -137 may also be misnamed, and the
>> same patch might be needed with it as well. I don't know where is is
>> used, but since HMAC can use any key<= 64 bytes, it may not need the
>> & krb5int_enc_arcfour.
> That might be OK, it was just used for NetLogon, not by Kerberos.
> -- Luke
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev