Re: TGS revisited

From: Elrond
Subject: Re: TGS revisited
Date: Tue, 25 Apr 2006 23:22:48 +0200
User-agent: Mutt/1.5.9i

On Tue, Apr 25, 2006 at 07:53:00PM +0200, Elrond wrote:
> > This could be the problem, from your earlier logs, I think your
> > current kvno is 2.  It seems shishi hard codes the authenticator
> > checksum kvno to 1, which is bad.  I've fixed this in CVS, and I think
> > the daily Debian packages have it.  Could you re-try?
> Ahhh.
> Yes, my heimdal keys have kvno > 1 sometimes, too.
> Okay, will retry soon.


Bad news: It did not help.
Good news: The kvno is no longer in the TGS-REQ.

Okay, here's a quick list of what I can see:

1) The name-type issue still isn't fixed. (unknown/0, but
   should be Principal/1)

2) shishi has a sub-key and sequence number in the TGS-REQ.
   heimdal doesn't. (no idea, if that is good or not.)

3) I'm starting to get the feeling, that something on my
   box is somewhat mixed up.

   a) If I find the time, I will compile it on another box
      with access to the w2k3-kdc.
   b) Do I have a realistic chance to verify checksums by
      "hand"? Setting it to md5 in crypto-rc4 would be my
      first step, so that I would "only" need to run md5 on
      some parts of the packet.

What next?
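
For point 3b, an added example (not part of the original message, and not shishi or heimdal code): assuming the checksum type is switched to the unkeyed rsa-md5 (cksumtype 7), the authenticator checksum of a TGS-REQ is a plain MD5 over the DER encoding of the KDC-REQ-BODY, so the expected value can be recomputed from a captured request. The function names are hypothetical and the sample bytes are constructed, not a real capture.

```python
import hashlib

def read_tlv(buf, off):
    """Parse one DER TLV at off; return (tag, value_start, value_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, off, off + length

def req_body_encoding(tgs_req):
    """Return the DER bytes of the KDC-REQ-BODY inside a TGS-REQ."""
    tag, off, end = read_tlv(tgs_req, 0)
    if tag != 0x6C:                            # [APPLICATION 12] = TGS-REQ
        raise ValueError("not a TGS-REQ")
    tag, off, end = read_tlv(tgs_req, off)
    if tag != 0x30:                            # KDC-REQ SEQUENCE
        raise ValueError("expected SEQUENCE")
    while off < end:
        tag, vstart, vend = read_tlv(tgs_req, off)
        if tag == 0xA4:                        # req-body [4]
            return tgs_req[vstart:vend]        # inner SEQUENCE, without the [4] wrapper
        off = vend
    raise ValueError("no req-body field")

def rsa_md5_checksum(tgs_req):
    """Unkeyed rsa-md5 (cksumtype 7): plain MD5 over the req-body encoding."""
    return hashlib.md5(req_body_encoding(tgs_req)).hexdigest()

def der(tag, content):
    """Encode one TLV (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

# Constructed sample, not a real capture: a toy body and a 200-byte padata stand-in.
SAMPLE_BODY = der(0x30, der(0xA0, der(0x03, b"\x00\x40\x81\x00\x10"))
                  + der(0xA2, der(0x1B, b"EXAMPLE.TEST"))
                  + der(0xA7, der(0x02, b"\x12\x34\x56\x78")))
SAMPLE_TGS_REQ = der(0x6C, der(0x30, der(0xA1, der(0x02, b"\x05"))
                     + der(0xA2, der(0x02, b"\x0c"))
                     + der(0xA3, der(0x30, b"\x00" * 200))
                     + der(0xA4, SAMPLE_BODY)))
```

The digest is compared with the checksum field of the Authenticator, which sits inside the encrypted part of the AP-REQ carried in the PA-TGS-REQ padata, so that side has to come from a decrypted dump.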

