Re: heimdal 1.0.1 w2k interop
Oops! This time with attachment :-) A.
> - w2k can parse only PA_ENCTYPE_INFO structure, while heimdal fails to
> provide this structure, because it fails to identify w2k as "old" client;
>
> First issue is still present in 1.0.1, because it fails to identify
> legacy Microsoft cryptotypes as "old" ones. Attached patch does the
> trick for us [by adding just mentioned cryptotypes to older_enctype()]
> and [so far] was tested with w2k, wxp, vista, mit krb5 and admitmac.
--- ./kdc/kerberos5.c.orig 2007-08-09 09:47:22.000000000 +0200
+++ ./kdc/kerberos5.c 2007-10-16 10:02:06.000000000 +0200
@@ -362,6 +362,9 @@
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:
+ case ETYPE_ARCFOUR_MD4: /* windows specific */
+ case ETYPE_ARCFOUR_HMAC_OLD:
+ case ETYPE_ARCFOUR_HMAC_OLD_EXP:
return 1;
default:
return 0;
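Review bot: the `/* windows specific */` comment sits on the ETYPE_ARCFOUR_MD4 case only, although ETYPE_ARCFOUR_HMAC_OLD and ETYPE_ARCFOUR_HMAC_OLD_EXP are added for the same reason. Put one comment above the three cases stating that they are listed so that clients advertising them are classified as "old" and receive PA_ENCTYPE_INFO. The three labels exist only once the k5.asn1 hunk is applied, so the two files have to be changed together.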
--- ./lib/asn1/k5.asn1.orig 2007-08-09 09:47:10.000000000 +0200
+++ ./lib/asn1/k5.asn1 2007-10-15 23:39:29.000000000 +0200
@@ -137,6 +137,10 @@
ETYPE_ARCFOUR_HMAC_MD5(23),
ETYPE_ARCFOUR_HMAC_MD5_56(24),
ETYPE_ENCTYPE_PK_CROSS(48),
+-- some "old" windows types
+ ETYPE_ARCFOUR_MD4(-128),
+ ETYPE_ARCFOUR_HMAC_OLD(-133),
+ ETYPE_ARCFOUR_HMAC_OLD_EXP(-135),
-- these are for Heimdal internal use
ETYPE_DES_CBC_NONE(-0x1000),
ETYPE_DES3_CBC_NONE(-0x1001),
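Review bot: the new entries ETYPE_ARCFOUR_MD4(-128), ETYPE_ARCFOUR_HMAC_OLD(-133) and ETYPE_ARCFOUR_HMAC_OLD_EXP(-135) carry no reference for where the numbers come from; the `-- some "old" windows types` comment should name the source of the values. They are negative, like the Heimdal-internal block that follows (-0x1000, -0x1001), so the comment should also make clear that these are values received from clients and not internal markers. As far as the visible hunks show, the patch only defines the names and uses them in older_enctype(); if no cipher implementation is intended for them, say so in the comment.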