[37998] in Kerberos
Re: wrong key is generated by krb5_c_string_to_key
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Tue Jun 6 13:00:06 2017
MIME-Version: 1.0
In-Reply-To: <1496738938954-47089.post@n3.nabble.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Tue, 6 Jun 2017 19:59:50 +0300
Message-ID: <CAC-fF8TxZxEHxxjh-s6fNS4OwoTH3d3X2jP0zRZSRYBcWhDYpA@mail.gmail.com>
To: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, Jun 6, 2017 at 11:48 AM, Ashi1986 <vermaashish_mca@hotmail.com> wrote:
>>manually since its just an md4 hash with no salt, something like:
>># echo -n password | iconv -t UTF-16LE | openssl dgst -md4
>>And compare with the key in the keytab:
>># klist -Kekt krb5.keytab
>
> I have derived the key manually by using the below command:
> # echo -n password | iconv -t UTF-16LE | openssl dgst -md4
> and the generated key regarding RC4 is same as key generated by KTPASS
> command.
>
> but the key generated by MIT function krb5_c_string_to_key is different from
> the key generated by KTPASS command.
Maybe try to compare your usage to how it is used in ktutil code,
which works perfectly fine afaict (using arcfour-hmac enc-type), see:
https://buildfarm.opencsw.org/source/xref/krb5/src/kadmin/ktutil/ktutil_funcs.c#89
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
