From: ghudson@mit.edu
Subject: KDC can select local TGT key of unsupported enctype
Date: Wed, 13 May 2020 12:59:37 -0400
To: rt@krbdev.mit.edu
If the first current key of the local krbtgt principal is of an unsupported enctype, but there are other keys of the same enctype, an AS-REQ for a local TGT will fail with the cryptic "HANDLE_AUTHDATA: <client> for krbtgt/REALM@REALM, Bad encryption type". This error has been observed in the wild (by Leonard Peirce at WMich) while staging an upgrade from 1.14 to 1.18, with a single-DES first local TGT key.
This happens because get_local_tgt() (introduced in commit 570967e11bd5ea60a82fc8157ad7d07602402ebb) takes a shortcut, decrypting the first key data entry in the principal entry instead of calling krb5_dbe_find_enctype() as previous code did. Commit 44ad57d8d38efc944f64536354435f5b721c0ee0 made this shortcut mostly valid by sorting key data, but there is still this edge case. When make_signedpath_checksum() tries to use the local TGT key, it gets the KRB5_BAD_ENCTYPE error.
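The selection edge case described in the report, as an added illustration that is not MIT krb5 code and is not the reporter's text. It models the krbtgt key list as a small array already ordered so that the current (highest-kvno) keys come first, as the report's "first current key" wording implies; the struct, the key list, the "supported enctype" set (single DES disabled, as in a 1.18 KDC) and the two helper names are constructed for this example. krb5_dbe_find_enctype() is the real function the report names, but it is not called here; find_current_supported_key() only mimics the idea of searching for a usable enctype instead of trusting entry zero.

```c
/* Added illustration (not MIT krb5 code): why taking the first current key
 * of the local TGT fails when that key's enctype is unsupported, and why a
 * search over the current keys does not. All names and data are constructed. */
#include <stdio.h>
#include <stddef.h>

/* Enctype numbers as registered for Kerberos (RFC 3961/3962). */
#define ENCTYPE_DES_CBC_CRC          1
#define ENCTYPE_AES128_CTS_HMAC_SHA1 17
#define ENCTYPE_AES256_CTS_HMAC_SHA1 18

/* Minimal stand-in for one key_data entry of a principal (assumption). */
struct tgt_key { int kvno; int enctype; };

/* Constructed krbtgt key list: sorted so the current kvno comes first, and
 * the first current key is single DES, the situation seen in the report. */
static const struct tgt_key krbtgt_keys[] = {
    { 3, ENCTYPE_DES_CBC_CRC },           /* current kvno, unsupported enctype */
    { 3, ENCTYPE_AES256_CTS_HMAC_SHA1 },  /* current kvno, supported */
    { 3, ENCTYPE_AES128_CTS_HMAC_SHA1 },  /* current kvno, supported */
    { 2, ENCTYPE_AES256_CTS_HMAC_SHA1 },  /* older kvno, not current */
};
#define NKEYS (sizeof(krbtgt_keys) / sizeof(krbtgt_keys[0]))

/* Stand-in for the KDC's permitted enctypes once single DES is gone (assumption). */
static int enctype_supported(int etype)
{
    return etype == ENCTYPE_AES128_CTS_HMAC_SHA1 ||
           etype == ENCTYPE_AES256_CTS_HMAC_SHA1;
}

/* The shortcut: use entry zero unconditionally, as the report says
 * get_local_tgt() does. Returns the enctype chosen, or -1 when that key
 * cannot be used (the point at which the KDC would see KRB5_BAD_ENCTYPE). */
int first_key_shortcut(const struct tgt_key *keys, size_t n)
{
    if (n == 0)
        return -1;
    return enctype_supported(keys[0].enctype) ? keys[0].enctype : -1;
}

/* The search: walk the keys sharing the current kvno and return the first
 * supported enctype, in the spirit of the krb5_dbe_find_enctype() lookup the
 * older code used. Returns -1 only if no current key is usable. */
int find_current_supported_key(const struct tgt_key *keys, size_t n)
{
    if (n == 0)
        return -1;
    int current_kvno = keys[0].kvno;
    for (size_t i = 0; i < n && keys[i].kvno == current_kvno; i++) {
        if (enctype_supported(keys[i].enctype))
            return keys[i].enctype;
    }
    return -1;
}

int main(void)
{
    printf("first-entry shortcut selects enctype: %d\n",
           first_key_shortcut(krbtgt_keys, NKEYS));
    printf("search over current keys selects enctype: %d\n",
           find_current_supported_key(krbtgt_keys, NKEYS));
    return 0;
}
```

With the constructed key list the shortcut reports -1 (the DES key at entry zero is not usable) while the search returns 18 (AES256), showing that the data needed to serve the AS-REQ was present and only the selection was wrong. The older kvno 2 entry is never considered, since only current keys are candidates.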