GSS MIC problems between Unix and Windows

Richard Evans richard.evans at
Tue May 3 13:36:37 EDT 2011

I suspect that Windows is interpreting the standard slightly differently 
... given that MIT krb5 and the Java implementation interact fine.

I was just hoping that there was some trick to resolve this.

Thanks anyway!


-------- Original Message --------
> On Tue, 2011-05-03 at 11:01 -0400, Nico Williams wrote:
>> This is almost certainly the RC4 interoperability bug in MIT krb5
>> recently reported by Jeff Altman.  Search the list archives for
>> details.
> I don't think so.  The RC4 weak key interoperability issue would strike
> once in millions of generated keys--often enough to cause a problem for
> protocols which wrap lots of messages in the course of operation, but
> only vanishingly rarely for SSH.
> Unfortunately, I don't know what's wrong and don't know a good way to
> pursue the problem.  I might be able to explain why native 1.7.1
> generates a different format of MIC: 1.7 added support for enctype
> negotiation during the AP-REQ/AP-REP exchange, so it may have negotiated
> an AES subkey.

More information about the krbdev mailing list