[36764] in Kerberos


Establish FAST encrypted channel between Linux client and Windows

daemon@ATHENA.MIT.EDU (Faisal Ali)
Mon Feb 9 08:55:33 2015

From: Faisal Ali <faisal.ali.101@gmail.com>
Date: Mon, 09 Feb 2015 13:55:17 +0000
Message-ID: <CAPRB653gaNLG8TK1tja-EWUMdgGx_4B-PYXW4TrTXGyJOOzLyQ@mail.gmail.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>

I am trying to set up a Windows server for FAST encrypted channel support to
test OTP pre-authentication in Kerberos.

I have already tested on a Linux machine by deploying a KDC using the krb5-1.12.1
source code, a FreeRADIUS server, and the keytab of a service principal to
receive an armor ccache to be used to establish a FAST encrypted channel between
the client and the KDC.

I have set up Windows Server 2012 for Kerberos, and added support for the "KDC
support for claims, compound authentication and Kerberos armoring" policy
on it. I can receive a TGT for the service principal. But when I execute the
command "kinit -T <armor-cache> <principal>", the KDC does not reply with any
padata and no FAST encrypted channel is established (observed through the
Wireshark log and Kerberos library logs).

Is it possible to establish a FAST encrypted channel between a Linux client
and Windows AD? Have I missed any setting?
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
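
One way to check the "no padata" observation from the library logs rather than by eye, as an added example that is not part of the original post: the script below scans trace text for the pre-authentication types the KDC offered and reports whether PA-FX-FAST (136, RFC 6113) and PA-OTP-CHALLENGE (141, RFC 6560) were among them. It assumes the logs are MIT krb5 KRB5_TRACE output containing "Processing preauth types:" lines; both sample traces are constructed, and the function names are hypothetical.

```python
import re

# Pre-authentication type numbers from RFC 4120, RFC 6113 (FAST), RFC 6560 (OTP).
PA_NAMES = {
    2: "PA-ENC-TIMESTAMP",
    19: "PA-ETYPE-INFO2",
    133: "PA-FX-COOKIE",
    136: "PA-FX-FAST",
    138: "PA-ENCRYPTED-CHALLENGE",
    141: "PA-OTP-CHALLENGE",
}

# Assumed trace wording. Older releases list bare numbers ("136, 19, 2"),
# newer ones print "PA-FX-FAST (136)"; both forms are parsed.
PREAUTH_LINE = re.compile(r"Processing preauth types:\s*(.*)$")
PA_ITEM = re.compile(r"\((\d+)\)|^\s*(\d+)\s*$")

# Constructed sample: a KDC that advertises FAST, then an OTP challenge.
ARMORED_SAMPLE = """\
[2417] 1423490101.100000: Processing preauth types: 136, 19, 2, 133
[2417] 1423490101.200000: Processing preauth types: 136, 141, 133"""

# Constructed sample: a KDC that never advertises FAST.
NO_FAST_SAMPLE = """\
[2431] 1423490155.100000: Processing preauth types: PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2)"""


def offered_padata(trace_text):
    """Return the set of padata type numbers seen on preauth trace lines."""
    offered = set()
    for line in trace_text.splitlines():
        found = PREAUTH_LINE.search(line)
        if not found:
            continue
        for item in found.group(1).split(","):
            num = PA_ITEM.search(item)
            if num:  # skips non-numeric items such as "(empty)"
                offered.add(int(num.group(1) or num.group(2)))
    return offered


def diagnose(trace_text):
    """Summarise whether the KDC advertised FAST and OTP pre-authentication."""
    offered = offered_padata(trace_text)
    return {
        "offered": sorted(PA_NAMES.get(n, str(n)) for n in offered),
        "fast_offered": 136 in offered,
        "otp_offered": 141 in offered,
    }


if __name__ == "__main__":
    print(diagnose(ARMORED_SAMPLE))
    print(diagnose(NO_FAST_SAMPLE))
```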