[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TGS revisited
|
From: |
Elrond |
|
Subject: |
Re: TGS revisited |
|
Date: |
Tue, 25 Apr 2006 23:22:48 +0200 |
|
User-agent: |
Mutt/1.5.9i |
On Tue, Apr 25, 2006 at 07:53:00PM +0200, Elrond wrote:
[...]
> > This could be the problem, from your earlier logs, I think your
> > current kvno is 2. It seems shishi hard code the authenticator
> > checksum kvno to 1, which is bad. I've fixed this in CVS, and I think
> > the daily Debian packages has it. Could you re-try?
>
> Ahhh.
>
> Yes, my heimdal keys have kvno > 1 sometimes, too.
>
> Okay, will retry soon.
Okay.
Bad news: It did not help.
Good news: The kvno isn't anymore in the TGS-REQ.
Okay, here's a quick list, what I can see:
1) The name-type issue still isn't fixed. (unknown/0, but
should be Prinicpal/1)
2) shishi has a sub-key and sequence number in the TGS-REQ.
heimdal doesn't. (no idea, if that is good or not.)
3) I'm starting to get the feeling, that something on my
box is somewhat mixed up.
a) If I find the time, I will compile it on another box
with access to the w2k3-kdc.
b) Do I have a realistic chance to verify checksums by
"hand"? Setting it to md5 in crypto-rc4 would be my
first step, so that I would "only" need to run md5 on
some parts of the packet.
What next?
Elrond
- TGS revisited, Elrond, 2006/04/23
- Re: TGS revisited, Simon Josefsson, 2006/04/25
- Re: TGS revisited, Elrond, 2006/04/25
- Re: TGS revisited,
Elrond <=
- Re: TGS revisited, Simon Josefsson, 2006/04/25
- Re: TGS revisited, Elrond, 2006/04/25
- Re: TGS revisited, Simon Josefsson, 2006/04/26
- Re: TGS revisited, Elrond, 2006/04/26
- Re: TGS revisited, Simon Josefsson, 2006/04/27
- Re: TGS revisited, Elrond, 2006/04/27
- Re: TGS revisited, Simon Josefsson, 2006/04/27
- Re: TGS revisited, Elrond, 2006/04/27
- Re: TGS revisited, Simon Josefsson, 2006/04/27
- Re: TGS revisited, Elrond, 2006/04/27