[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue with decryption of windows 2003 service tickets




Hi there, i have this issue with Heimdal not being able to decrypt kerberos
service tickets obtained from a windows 2003 KDC, here is the problem in detail
:

i am using version 0.8 of Heimdal and am using the library api - krb5_rd_req()
with a keytab ( obtained from the windows 2003 server ) as credential to verify
a service ticket i obtain from a windows 2003 KDC. However the API always
returns with an error "Decrypt Integrity check failed" ( basically unable to
decrypt the service ticket ). 

I have made sure that the service ticket getting returned back follows the same
encryption scheme as the key in the keytab ( des-cbc-md5 ). I then tried this
with a windows 2000 KDC and found that krb5_rd_req() is able to decrypt the
service tickets coming from the  KDC. For the same encryption scheme there
seems to be a difference between windows 2000 and windows 2003 encrypted
service tickets and how the Heimdal API's behave. 

Can some one please provide some information.