| From: | Pierre Goyette <pierre@montreal.hcl.com> |
| To: | "'kfw-bugs@mit.edu'" <kfw-bugs@mit.edu> |
| Subject: | Potential problem with MS2MIT |
| Date: | Mon, 1 Mar 2004 11:33:46 -0500 |
I believe I have discovered a potential problem with MS2MIT.
Using the MS2MIT from the 2.5.0.1 build, when I import the tgt using ms2mit,
I get:
Ticket cache: API:krb5cc
Default principal: pierre@MTLW2KTEST.MONTREAL.HCL.COM
Valid starting Expires Service principal
03/01/04 10:03:31 03/01/04 20:03:31
krbtgt/MTLW2KTEST.MONTREAL.HCL.COM@MTLW2KTEST.MONTREAL.HCL.COM
renew until 03/08/04 10:03:31, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)
Using the MS2MIT from 2.1.2, when I import the tgt using ms2mit, I get:
Ticket cache: API:krb5cc
Default principal: pierre@MTLW2KTEST.MONTREAL.HCL.COM
Valid starting Expires Service principal
03/01/04 10:12:04 03/01/04 20:03:31
krbtgt/MTLW2KTEST.MONTREAL.HCL.COM@MTLW2KTEST.MONTREAL.HCL.COM
renew until 03/08/04 10:03:31, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)
I have attached my krb5.ini which shows the default encryption types as:
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
The config file for the unix server is also attached.
Clearly, ms2mit from 2.5.0.1 gets rc4 tickets instead of des-cbc-crc which
is what is specified in the krb5.ini.
If I get RC4 tickets, then I cannot authenticate to my unix server which is
expecting des-cbc-crc...
Pierre Goyette
Hummingbird, Ltd.
Using the MS2MIT from the 2.5.0.1 build, when I import the tgt using ms2mit,
I get:
Ticket cache: API:krb5cc
Default principal: pierre@MTLW2KTEST.MONTREAL.HCL.COM
Valid starting Expires Service principal
03/01/04 10:03:31 03/01/04 20:03:31
krbtgt/MTLW2KTEST.MONTREAL.HCL.COM@MTLW2KTEST.MONTREAL.HCL.COM
renew until 03/08/04 10:03:31, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)
Using the MS2MIT from 2.1.2, when I import the tgt using ms2mit, I get:
Ticket cache: API:krb5cc
Default principal: pierre@MTLW2KTEST.MONTREAL.HCL.COM
Valid starting Expires Service principal
03/01/04 10:12:04 03/01/04 20:03:31
krbtgt/MTLW2KTEST.MONTREAL.HCL.COM@MTLW2KTEST.MONTREAL.HCL.COM
renew until 03/08/04 10:03:31, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
Kerberos 4 ticket cache: API:krb4cc
klist: No ticket file (tf_util)
I have attached my krb5.ini which shows the default encryption types as:
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
The config file for the unix server is also attached.
Clearly, ms2mit from 2.5.0.1 gets rc4 tickets instead of des-cbc-crc which
is what is specified in the krb5.ini.
If I get RC4 tickets, then I cannot authenticate to my unix server which is
expecting des-cbc-crc...
Pierre Goyette
Hummingbird, Ltd.
Message body not shown because it is not plain text.
Message body not shown because it is not plain text.