wrong checksum type for arcfour-hmac-md5
Greg Hudson
ghudson at MIT.EDU
Wed Sep 15 12:12:53 EDT 2010
> Why isn't this considered a bug in the server??
All we know so far (assuming all of the given information is correct) is
that the server will accept a GSSAPI authenticator with an rsa-md5
checksum--which is not valid--but won't accept one with an hmac-md5
checksum.
That's not a bug in the server; if anything, the server is being overly
permissive by accepting rsa-md5. It's a bug in the "home-grown GSSAPI"
client that it's not jusing a GSSAPI authenticator checksum.
If there are other circumstances where the server will accept rsa-md5 in
an authenticator and not hmac-md5, that's worth knowing about.
More information about the krbdev
mailing list