message size incompatible with type error for krb5-1.9 lib using Windows 2003 KDC

Douglas E. Engert deengert at anl.gov
Thu Feb 17 10:46:24 EST 2011
On 2/16/2011 7:00 PM, Luke Howard wrote:
>> That is 0x2200200.
>> You also have the USE_DES_KEY_ONLY bit (0x200000) turned on, so the Windows DC will
>> assume the machine can only do DES. So that may be why the PAC signature
>> is using DES.
>
>
> I haven't read the whole thread, but I believe the signature is hard-coded to use RC4-HMAC (at least pre-AES).

It sounds like HMAC can be used on any key, and I have seen it used on AES keys.
Based on what was said in this thread, the KDC *might* be using HMAC-MD5 on a DES key.
A dump of a failing packet would show what is really going on.

[MS-KILE]
http://msdn.microsoft.com/en-us/library/cc233855(v=prot.13).aspx
lists for checksums:

> hmac-sha1-96-aes128 [15] [RFC3962]
> hmac-sha1-96-aes256 [16] [RFC3962]
> hmac-md5-string [-138] [RFC4757]

Note the use of the name "string", not RC4, even though RFC 4757
refers to RC4.

[MS-PAC]
http://msdn.microsoft.com/en-us/library/cc237917(v=prot.10).aspx
Section 2.8.1 says:
  "The KDC will use the long-term key that the KDC shares with the
   server, so that the server can verify this signature on receiving a PAC."

If the server only supports DES, then it could be using the DES
key as the "string" for the checksum.

When RFC 4757 was written, all systems that could use/check a PAC
would have RC4 as they were all Windows. Kerberos implementations at
that time just ignored the PAC. But newer Kerberos libs can now check
the PAC signatures, but the server in question is set to DES ONLY.
If it also supported RC4, this would not be an issue.

A dump of a failing packet would show what is really going on.

This was also helpful:
http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx

> On Wed, 2011-02-16 at 10:16 -0500, Elzey, Blaine A (Blaine) wrote:
> "Message size is incompatible with encryption type" minor error is returned during
> gss_accept_sec_context.  Previous error was "Encryption type not permitted" which
> was fixed by adding allow_weak_crypto = true to server's krb5.conf.
>
> -- Luke
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
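The point in the message above is that the hmac-md5-string checksum of RFC 4757 takes an arbitrary-length key, so a KDC that believes the service only has DES could compute the [MS-PAC] server signature with HMAC-MD5 over the 8-byte DES long-term key, and the checksum type in the PAC_SIGNATURE_DATA buffer is what a verifier must key off. The following added example (not code from the thread, MIT krb5 or Microsoft) implements that checksum from RFC 4757 section 4 and the zero-the-signature-then-MAC rule of [MS-PAC] 2.8, and shows that an 8-byte key verifies exactly like a 16-byte one. It assumes a simplified PAC (body followed by one PAC_SIGNATURE_DATA, no PACTYPE header or KDC signature), constructed keys, and handles only cksumtype -138; the AES checksum types 15 and 16 need the RFC 3962 key derivation, which is not implemented here.

```python
import hashlib
import hmac
import struct

# Checksum type identifiers as listed in [MS-KILE] (the values cited in the thread).
CKSUMTYPE_HMAC_SHA1_96_AES128 = 15
CKSUMTYPE_HMAC_SHA1_96_AES256 = 16
CKSUMTYPE_HMAC_MD5_STRING = -138   # "hmac-md5-string", RFC 4757 section 4

# Key usage number for PAC signatures: KERB_NON_KERB_CKSUM_SALT (17), [MS-PAC] 2.8.
KEY_USAGE_PAC_SIGNATURE = 17
HMAC_MD5_LEN = 16


def rfc4757_checksum(key: bytes, usage: int, data: bytes) -> bytes:
    """HMAC-MD5 checksum from RFC 4757 section 4.

    Ksign = HMAC-MD5(K, "signaturekey\\0")
    tmp   = MD5(T || data), T = usage as a 4-byte little-endian integer
    CKSUM = HMAC-MD5(Ksign, tmp)

    Nothing here constrains len(key): an 8-byte DES key is accepted exactly
    like a 16-byte RC4 key, which is why the thread suspects HMAC-MD5 over a
    DES long-term key.
    """
    ksign = hmac.new(key, b"signaturekey\0", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def pac_signature_data(sigtype: int, signature: bytes) -> bytes:
    """PAC_SIGNATURE_DATA layout: 4-byte little-endian SignatureType + Signature."""
    return struct.pack("<i", sigtype) + signature


def sign_pac(body: bytes, server_key: bytes) -> bytes:
    """Constructed, simplified PAC: body || PAC_SIGNATURE_DATA(server signature).

    Per [MS-PAC] 2.8 the signature is computed over the whole PAC with the
    Signature field zeroed. The real structure also carries a KDC signature
    and a PACTYPE header with buffer offsets, which this toy omits.
    """
    zeroed = body + pac_signature_data(CKSUMTYPE_HMAC_MD5_STRING, b"\0" * HMAC_MD5_LEN)
    sig = rfc4757_checksum(server_key, KEY_USAGE_PAC_SIGNATURE, zeroed)
    return body + pac_signature_data(CKSUMTYPE_HMAC_MD5_STRING, sig)


def verify_pac(pac: bytes, server_key: bytes) -> bool:
    """Check the server signature the way a service would on accepting a ticket.

    Returns False on a length/type mismatch or a bad MAC rather than raising,
    so a caller can map the failure to a GSS-API minor status.
    """
    sig_len = 4 + HMAC_MD5_LEN
    if len(pac) < sig_len:
        return False
    body, sigdata = pac[:-sig_len], pac[-sig_len:]
    sigtype = struct.unpack("<i", sigdata[:4])[0]
    if sigtype != CKSUMTYPE_HMAC_MD5_STRING:
        return False          # this toy only verifies hmac-md5-string
    signature = sigdata[4:]
    zeroed = body + pac_signature_data(sigtype, b"\0" * HMAC_MD5_LEN)
    expected = rfc4757_checksum(server_key, KEY_USAGE_PAC_SIGNATURE, zeroed)
    return hmac.compare_digest(expected, signature)


def demo() -> dict:
    """Exercise the helpers with constructed keys; returns the results for inspection."""
    body = b"constructed PAC body: logon info, client name, etc."
    rc4_key = bytes(range(16))        # constructed 16-byte RC4-HMAC key
    des_key = bytes(range(8))         # constructed 8-byte DES key
    pac_rc4 = sign_pac(body, rc4_key)
    pac_des = sign_pac(body, des_key)
    # Flip one bit in the body: the MAC must no longer verify.
    tampered = pac_rc4[:5] + bytes([pac_rc4[5] ^ 0x01]) + pac_rc4[6:]
    return {
        "rc4_ok": verify_pac(pac_rc4, rc4_key),
        "des_ok": verify_pac(pac_des, des_key),
        "des_sig_len": len(rfc4757_checksum(des_key, KEY_USAGE_PAC_SIGNATURE, body)),
        "wrong_key": verify_pac(pac_des, rc4_key),
        "tampered": verify_pac(tampered, rc4_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the same 16-byte signature length and a successful verification for both the 8-byte and the 16-byte key, and a failure when the key or the body differs. A real verifier additionally has to pick the key by the checksum type it finds in the buffer and reject a signature whose length does not match that type, which is the kind of mismatch the thread is chasing.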


