Subject: Checksum type 14 undefined
If the Windows 2003 KDC returns a pkinit reply with a checksum rather
than the insecure nonce, it uses checksum type 14. This type is defined
in RFC 3961, but not in the current code. I'm assuming that
Vista/Longhorn will also use this checksum type.

If we hack the pkinit code to use checksum type 9 when we get back 14,
it works. I do not know if a simple alias of type 9 is the correct answer.

The hack referred to by Kevin was included in the PKINIT import, so this was never a bug from the user perspective. 14 is actually one of the correct values for SHA-1 according to RFC 3961, so we will make this work in libk5crypto (as a separate ticket).