krb5-1.8 fails to verify MS PAC Checksum when AES 256 is used causing sshd to fail

Will Fiveash will.fiveash at
Wed Jun 30 16:33:42 EDT 2010

On Wed, Jun 30, 2010 at 02:17:31PM -0500, Douglas E. Engert wrote:
> The Solaris 10 provided Kerberos can use AES and does not have this problem,
> as I don't think it is checking the PAC...

You are correct, Solaris 10 Kerberos doesn't examine/check the PAC.

Will Fiveash
Note my new work e-mail address: will.fiveash at
Sent using mutt, a sweet text based e-mail app:

More information about the krbdev mailing list