Incompatibility between krb's AES256-CTS-HMAC-SHA1-96 and Microsoft Windows Domain

Ido Shlomo shloim at gmail.com
Thu Nov 9 10:00:37 EST 2017


The thing is that kinit works well for the user (not computer)
The problem is that I register an SPN on the DC for that user (again, not
computer) using ldap, and then I register the same SPN
(MSSQL/mymachine.domain.com:1433 at DOMAIN.COM). The problem occurs when an
incoming connection gives me a token that I cannot accept. The error is
that I cannot decrypt it.

On Nov 9, 2017 16:47, "Andreas Schneider" <asn at samba.org> wrote:

> On Tuesday, 31 October 2017 15:20:18 CET Simo Sorce wrote:
> > On Tue, 2017-10-31 at 10:55 +0300, Ido Shlomo wrote:
> > > I am trying to upgrade our system's kerberos encryption from RC4 to
> > > AES256.
> > > I've set up a Microsoft Windows Domain user with AES256 encryption
> > > support.
> > > I'm creating a keytab for kinit using ktutil on Linux:
> > >
> > > ADD_ENTRY="addent -password -p $DOMAIN_LOCAL_USER@$DOMAIN_UPCASE -k 2
> > > -e AES256-CTS-HMAC-SHA1-96\n$DOMAIN_LOCAL_PASS\n"
> > > echo -e "$ADD_BASE_ENTRY\n$ADD_ENTRY\nwkt user.keytab\nquit\n" |
> ktutil
> > >
> > > kinit works well with that keytab.
> > >
> > > However, when I'm creating an SPN for this user using ktutil on Linux
> > >
> > > ADD_BASE_ENTRY="addent -password -p
> > > MSSQLSvc/$SHORT_HOSTNAME.$DOMAIN_LOWCASE@$DOMAIN_UPCASE -k 2 -e
> > > RC4-HMAC\n$DOMAIN_PASSWORD\n"
> > > echo -e "rkt spns.keytab\n$ADD_BASE_ENTRY\n$ADD_ENTRY\nwkt
> > > spns.keytab\nquit\n" | ktutil > /dev/null 2>&1
> > >
> > > then I'm unable to accept incoming connections using krb 1.15.2:
> > >
> > > GSS-API major_status:000d0000, minor_status:000186a6
> > > GetGSSError(): GSS Error ERR_MAX: Unspecified GSS failure.  Minor code
> > > may provide more information
> > > GetGSSError(): GSS Error ERR_MIN: Request ticket server
> > > MSSQLSvc/greensqlcent21.kerberosdc.msft:1434 at KERBEROSDC.MSFT kvno 2
> > > enctype aes256-cts found in keytab but cannot decrypt ticket
> > >
> > > This has worked well when I was using RC4_HMAC for everything.
> > >
> > > *Some background:*
> > >
> > > My application mimics an MSSQL server. I'm running as a User (not as
> the
> > > computer) and I have set this user to login with AES256. Initially, I
> have
> > > kept the SPNs in the incoming keytab file with RC4_HMAC (this used to
> work
> > > when the domain user was also authenticating using RC4_HMAC), but I
> got an
> > > error that the gssapi accept function is looking for an AES256 entry in
> > > the
> > > SPN keytab file. So I changed the SPN keytab file to also use AES256
> and
> > > got the above error.
> > >
> > > Tested with both Windows 2k8 and 2k12 as Domain Controllers. Both fail.
> >
> > One of the differences with AES is that those keys are generated using
> > a SALT, unlike RC4_HMAC. So if the salt is not properly computed your
> > key will not match.
> > IIRC for SPNs in AD the Salt is always the computer name (as stored in
> > the SamAccountName attribute), while in most krb implementation the
> > SALT is the principal name, this may be why your key generation doesn't
> > work.
>
> There are different salt principals depending on the type, the most common
> are:
>
> host/somehost.example.com at EXAMPLE.COM
> SomeAccount at EXAMPLE.COM
> SomePrincipal at EXAMPLE.COM
>
> However you need to convert the salt principal to a salt data blob which is
> passed to krb5_c_string_to_key(). Those need to be in the following form:
>
> EXAMPLE.COMhost/somehost.example.com
> EXAMPLE.COMSomeAccount
> EXAMPLE.COMSomePrincipal
>
>
>         Andreas
>
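The salt mismatch Simo and Andreas describe can be made visible without a domain controller. The following is an added example (not code from this thread or from MIT krb5): it builds salt blobs in the realm-plus-principal form Andreas shows, runs the first stage of the RFC 3962 AES string-to-key (PBKDF2-HMAC-SHA1, 4096 iterations when no s2kparams are supplied) for an SPN-derived salt and for an sAMAccountName-derived salt, and shows that the two derived keys differ. The final DK("kerberos") step of RFC 3962, which needs AES, is omitted; this stage already depends on the salt, so it is enough to show why a keytab entry generated with the wrong salt cannot decrypt a ticket. The realm, account name and passphrase are constructed sample values.

```python
import hashlib

AES256_KEY_BYTES = 32
DEFAULT_ITERATIONS = 4096  # RFC 3962 default when the KDC sends no s2kparams


def salt_blob(realm: str, *components: str) -> str:
    """Salt blob in the form shown in the thread: the realm followed by the
    principal's name components joined with '/', e.g.
    'EXAMPLE.COMhost/somehost.example.com'."""
    return realm + "/".join(components)


def pbkdf2_stage(passphrase: str, salt: str,
                 iterations: int = DEFAULT_ITERATIONS,
                 length: int = AES256_KEY_BYTES) -> bytes:
    """First stage of the RFC 3962 string-to-key: PBKDF2-HMAC-SHA1 over the
    UTF-8 passphrase and salt. (The enctype key is DK(tkey, "kerberos") on
    top of this; that AES-based step is intentionally left out here.)"""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               salt.encode("utf-8"), iterations, length)


def compare_spn_vs_account_salt(passphrase: str, realm: str,
                                sam_account_name: str,
                                spn_components: tuple) -> dict:
    """Derive the PBKDF2 stage once with the salt a generic krb5 tool would
    use for the SPN principal, and once with the salt AD uses for the user
    account that owns the SPN (realm + sAMAccountName, per Simo's reply).
    Returns both salts, both intermediate keys and whether they match."""
    spn_salt = salt_blob(realm, *spn_components)
    account_salt = salt_blob(realm, sam_account_name)
    spn_key = pbkdf2_stage(passphrase, spn_salt)
    account_key = pbkdf2_stage(passphrase, account_salt)
    return {
        "spn_salt": spn_salt,
        "account_salt": account_salt,
        "spn_key": spn_key,
        "account_key": account_key,
        "keys_match": spn_key == account_key,
    }


if __name__ == "__main__":
    # Constructed sample values; the realm, host and password are not real.
    result = compare_spn_vs_account_salt(
        passphrase="CorrectHorseBatteryStaple",      # constructed
        realm="EXAMPLE.COM",                          # constructed
        sam_account_name="svc-mssql",                 # constructed
        spn_components=("MSSQLSvc", "mymachine.example.com:1433"),
    )
    print("SPN salt     :", result["spn_salt"])
    print("account salt :", result["account_salt"])
    print("SPN key      :", result["spn_key"].hex())
    print("account key  :", result["account_key"].hex())
    print("keys match   :", result["keys_match"])
```

A keytab entry written by ktutil with `addent -password` is salted from the principal you pass on the command line, so for an SPN hung off a user account the salt differs from the one the DC used when it stored the account's AES key, and the ticket the DC issues cannot be decrypted with that entry even though the enctype and kvno match.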

