[32855] in Kerberos
Re: Windows 2008 R2 problems
daemon@ATHENA.MIT.EDU (Markus Moeller)
Sat Oct 30 15:40:45 2010
To: kerberos@mit.edu
From: "Markus Moeller" <huaraz@moeller.plus.com>
Date: Sat, 30 Oct 2010 20:38:44 +0100
Message-ID: <iahs8a$ige$1@dough.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@dough.gmane.org
In-Reply-To: <iah61u$rak$1@dough.gmane.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
If I use RC4-hmac it works but AES 128/256 fail on Windows 2008 R2 although
AES 128/256 works on 2008. Can anybody confirm ? Has 2008 R2 changed
something compared to 2008 ?
Thank you
Markus
"Markus Moeller" <huaraz@moeller.plus.com> wrote in message
news:iah61u$rak$1@dough.gmane.org...
> Stepping through the debugger. I get an error here:
>
> in krb5int_dk_decrypt from dk_aead.c using MIT 1.8.3
>
> 260
> 261 /* Compare only the possibly truncated length. */
> 262 if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
> 263 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
> 264 goto cleanup;
> 265 }
>
> which I think does not relate to the new mech type. Any idea what to look
> for ?
>
> Thank you
> Markus
>
>
> "Markus Moeller" <huaraz@moeller.plus.com> wrote in message
> news:iafjbr$soe$1@dough.gmane.org...
>>
>> "Simo Sorce" <ssorce@redhat.com> wrote in message
>> news:20101029175054.721e9fa9@willson.li.ssimo.org...
>>> On Fri, 29 Oct 2010 22:26:36 +0100
>>> "Markus Moeller" <huaraz@moeller.plus.com> wrote:
>>>
>>>> Hi
>>>>
>>>> I try to use a Windows 2008 R2 server together with MIT libraries
>>>> 1.8.1 for Negotiate authentication. It works fine with 2008 but 2008
>>>> R2 seems to have implemented
>>>> http://www.ietf.org/id/draft-zhu-negoex-02.txt which uses a new
>>>> mechtype 1.3.6.1.4.1.311.2.2.30. Is this supported/tested with MIT
>>>> 1.8.1 ?
>>>
>>> NEGOEX is not implemented by any MIT version at this stage.
>>>
>>
>> So will it be ignored or does it create an error ?
>>
>>> Simo.
>>>
>>> --
>>> Simo Sorce * Red Hat, Inc * New York
>>> ________________________________________________
>>> Kerberos mailing list Kerberos@mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>
>> Thank you
>> Markus
>>
>>
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
