[16648] in Kerberos_V5_Development
Re: message size incompatible with type error for krb5-1.9 lib using
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed Feb 16 14:20:38 2011
Message-ID: <4D5C237D.7020306@anl.gov>
Date: Wed, 16 Feb 2011 13:20:29 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: "Elzey, Blaine A (Blaine)" <blaine.elzey@alcatel-lucent.com>
In-Reply-To: <0DEE3BCEE44BFD4EBC3B7DC009C8E792250702D082@USNAVSXCHMBSA3.ndc.alcatel-lucent.com>
Cc: "'krbdev@mit.edu'" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 2/16/2011 12:06 PM, Elzey, Blaine A (Blaine) wrote:
> Using adsiedit to manually modify the UserAccountControl Integer to include the NO_AUTH_DATA_REQUIRED bit (2097664 + 33554432 = 35652096) and that did not work. Perhaps my Win2003SP2 still needs some Hotfix, but my dll versions are newer than the what is specified in the article. The Hotfix download page said the release was Windows 2003 SP1 (x86), but I have 2003 SP2 (x86). The UserAccountControl value that works is 6291968, set no preauth for user from account properties. Is there another way to set the NO_AUTH_DATA_REQ other than adsiedit or did I need to perform some refresh to make the adsiedit change take affect? I am reluctant to apply the Hotfix.
>
That is 0x2200200.
You also have the USE_DES_KEY_ONLY bit (0x200000) turned on, so the Windows DC will
assume the machine can only do DES. So that may be why the PAC signature
is using DES.
How did you setup the keytab for the server? ktpass I presume.
You could look at using AES and/or arcfour for the service keys,
rather the DES.
>> From the Hotfix KB:
> Date Time Version Size File name
> -------------------------------------------------------
> 14-Sep-2004 16:26 5.2.3790.210 226,816 Kdcsvc.dll
> 14-Sep-2004 16:26 5.2.3790.210 324,608 Netapi32.dll
> 14-Sep-2004 16:26 5.2.3790.210 464,384 Samsrv.dll
>
> I have:
> kdcsvc.dll 5.2.3790.3959
> netapi32.dll 5.2.3790.3959
> samsrv.dll 5.3.3790.3959
>
> Blaine
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
