From: ghudson@mit.edu
To: rt@krbdev.mit.edu
Date: Wed, 13 May 2020 12:59:37 -0400
Subject: KDC can select local TGT key of unsupported enctype

If the first current key of the local krbtgt principal is of an unsupported enctype, but there are other keys of the same enctype, an AS-REQ for a local TGT will fail with the cryptic "HANDLE_AUTHDATA: <client> for krbtgt/REALM@REALM, Bad encryption type".  This error has been observed in the wild (by Leonard Peirce at WMich) while staging an upgrade from 1.14 to 1.18, with a single-DES first local TGT key.

This happens because get_local_tgt() (introduced in commit 570967e11bd5ea60a82fc8157ad7d07602402ebb) takes a shortcut, decrypting the first key data entry in the principal entry instead of calling krb5_dbe_find_enctype() as the previous code did.  Commit 44ad57d8d38efc944f64536354435f5b721c0ee0 made this shortcut mostly valid by sorting key data, but this edge case remains.  When make_signedpath_checksum() tries to use the local TGT key, it gets the KRB5_BAD_ENCTYPE error.
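As an added illustration (constructed model, not krb5's own code or types), the two key-selection strategies side by side over a krbtgt key list whose first entry is a single-DES key: the first-entry shortcut fails with a bad-enctype error, while scanning for a supported enctype finds the usable AES key. Enctype numbers follow RFC 3961; the error codes and the key list are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the key-selection step only; not krb5's types or error
 * codes.  Enctype numbers are the RFC 3961 / IANA assignments. */
#define ENCTYPE_DES_CBC_CRC             1
#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 17
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 18
#define ERR_BAD_ENCTYPE (-1)   /* stands in for KRB5_BAD_ENCTYPE */
#define ERR_NO_KEYS     (-2)

typedef struct { int enctype; int kvno; } key_data;

/* A KDC built without single-DES support: only the AES enctypes are usable. */
static bool enctype_supported(int enctype) {
    return enctype == ENCTYPE_AES128_CTS_HMAC_SHA1_96 ||
           enctype == ENCTYPE_AES256_CTS_HMAC_SHA1_96;
}

/* Shortcut described in the ticket: always take the first key data entry.
 * Returns the selected enctype (> 0) or a negative error code. */
static int tgt_key_first(const key_data *keys, size_t n) {
    if (n == 0) return ERR_NO_KEYS;
    return enctype_supported(keys[0].enctype) ? keys[0].enctype : ERR_BAD_ENCTYPE;
}

/* Find-by-enctype approach: scan the current-kvno keys for one the KDC supports. */
static int tgt_key_scan(const key_data *keys, size_t n) {
    if (n == 0) return ERR_NO_KEYS;
    for (size_t i = 0; i < n; i++)
        if (enctype_supported(keys[i].enctype)) return keys[i].enctype;
    return ERR_BAD_ENCTYPE;
}

/* Constructed krbtgt key list: single-DES key first, as in the reported upgrade. */
static const key_data tgt_keys[] = {
    { ENCTYPE_DES_CBC_CRC,             3 },
    { ENCTYPE_AES256_CTS_HMAC_SHA1_96, 3 },
    { ENCTYPE_AES128_CTS_HMAC_SHA1_96, 3 },
};
#define N_TGT_KEYS (sizeof tgt_keys / sizeof tgt_keys[0])

int main(void) {
    int first = tgt_key_first(tgt_keys, N_TGT_KEYS);
    int scan  = tgt_key_scan(tgt_keys, N_TGT_KEYS);
    printf("first-entry shortcut: %s\n", first > 0 ? "ok" : "Bad encryption type");
    printf("scan for supported:   %s (enctype %d)\n", scan > 0 ? "ok" : "failed", scan);
    return 0;
}
```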