To: kfw-bugs@MIT.EDU
Subject: Vista no longer returns enctype 0 for unavailable session keys
Date: Tue, 6 Mar 2007 18:44:00 -0500 (EST)
From: hartmans@MIT.EDU (Sam Hartman)

Previous versions of Windows returned enctype 0 when a session key was unavailable in the cache because the allow session key registry key was not 1.
According to discussion on krbdev, Vista returns the same enctype the
session key actually has, but returns an all-zeros key. The MSLSA
should detect this situation and treat it the same as an enctype 0
ticket.
Currently when you try to use such a ticket you get a DES parity
error. That's only because 0 is not a valid DES key. For other
enctypes you would get much more confusing errors.
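
An added example, not part of the original message or the KfW source: one way the check requested above could look in C, alongside a DES parity test that shows why an all-zero key is rejected for DES but would pass unnoticed for an AES enctype. The function names and sample keys are assumptions constructed for illustration; the enctype numbers are the standard Kerberos assignments.

```c
#include <stddef.h>
#include <stdio.h>

/* Standard Kerberos enctype numbers; the identifiers themselves are hypothetical. */
enum { ETYPE_NULL = 0, ETYPE_DES_CBC_CRC = 1, ETYPE_AES256_CTS_HMAC_SHA1 = 18 };

/* Constructed sample keys (not real key material). */
static const unsigned char ZERO_DES[8] = { 0 };
static const unsigned char ZERO_AES[32] = { 0 };
static const unsigned char SAMPLE_DES[8] =
    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };

/* Returns 1 if every byte is zero. ORs all bytes together, no early exit. */
static int key_is_all_zero(const unsigned char *key, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= key[i];
    return acc == 0;
}

/* DES requires odd parity in every key byte; 0x00 has even parity,
 * which is why the zeroed key surfaces as a parity error. */
static int des_parity_ok(const unsigned char *key, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char b = key[i];
        b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;   /* fold to a single parity bit */
        if ((b & 1) == 0)
            return 0;
    }
    return 1;
}

/* Treat an all-zero key exactly like the older enctype 0 signal. */
static int session_key_unavailable(int enctype, const unsigned char *key, size_t len)
{
    return enctype == ETYPE_NULL || key == NULL || len == 0
        || key_is_all_zero(key, len);
}

int main(void)
{
    printf("zero DES key: parity_ok=%d unavailable=%d\n", des_parity_ok(ZERO_DES, 8),
           session_key_unavailable(ETYPE_DES_CBC_CRC, ZERO_DES, 8));
    printf("zero AES key: unavailable=%d (AES has no parity check to trip)\n",
           session_key_unavailable(ETYPE_AES256_CTS_HMAC_SHA1, ZERO_AES, 32));
    printf("sample DES key: parity_ok=%d unavailable=%d\n", des_parity_ok(SAMPLE_DES, 8),
           session_key_unavailable(ETYPE_DES_CBC_CRC, SAMPLE_DES, 8));
    return 0;
}
```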