[16789] in Kerberos_V5_Development
Re: GSS MIC problems between Unix and Windows
daemon@ATHENA.MIT.EDU (Richard Evans)
Tue May 3 13:36:46 2011
Message-ID: <4DC03D25.7080904@datanomic.com>
Date: Tue, 03 May 2011 18:36:37 +0100
From: Richard Evans <richard.evans@datanomic.com>
MIME-Version: 1.0
To: Greg Hudson <ghudson@mit.edu>, krbdev@mit.edu
In-Reply-To: <1304442080.2034.51.camel@t410>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I suspect that Windows is interpreting the standard slightly differently
... given that MIT krb5 and the Java implementation interact fine.
I was just hoping that there was some trick to resolve this.
Thanks anyway!
Richard
-------- Original Message --------
> On Tue, 2011-05-03 at 11:01 -0400, Nico Williams wrote:
>
>> This is almost certainly the RC4 interoperability bug in MIT krb5
>> recently reported by Jeff Altman. Search the list archives for
>> details.
>>
> I don't think so. The RC4 weak key interoperability issue would strike
> once in millions of generated keys--often enough to cause a problem for
> protocols which wrap lots of messages in the course of operation, but
> only vanishingly rarely for SSH.
>
> Unfortunately, I don't know what's wrong and don't know a good way to
> pursue the problem. I might be able to explain why native 1.7.1
> generates a different format of MIC: 1.7 added support for enctype
> negotiation during the AP-REQ/AP-REP exchange, so it may have negotiated
> an AES subkey.
>
>
>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
