
Re: heimdal 1.0.1 w2k interop

>> Some time this summer we reported interoperability issues between 
>> heimdal 0.8.1 and w2k. The problem was two-fold:
>> - w2k can parse only the PA_ENCTYPE_INFO structure, while heimdal fails to 
>> provide this structure, because it fails to identify w2k as an "old" client;
>> - w2k (and even xp) seem to have a hard-coded limitation for cryptotypes 
>> when not talking to an AD controller, most notably it refuses/fails 
>> to use rc4_hmac for pre-authentication against a heimdal/mit kdc;
>> The first issue is still present in 1.0.1, because it fails to identify 
>> legacy Microsoft cryptotypes as "old" ones. The attached patch does the 
>> trick for us [by adding the just-mentioned cryptotypes to older_enctype()] 
>> and [so far] was tested with w2k, wxp, vista, mit krb5 and admitmac.
> Maybe all enctypes with lower numbers than the aes ones should be considered 
> "old".

Yes, that would do the trick too, with the reservation that it doesn't cause 
problems for the private cryptotypes mentioned in k5.asn1. I have no idea 
when/if they are used and didn't consider anything more drastic than 
just adding the Windows-specific types.

> Anyway, added your patch.


>> The second issue disappeared in 1.0.1, apparently because of the changed order 
>> of appearance of supported cryptotypes in the PA_ENCTYPE_INFO[2] reply. I 
>> mean 0.8.1 was ordering the supported ones in the same order as they were 
>> appearing in the client's KDC_REQ, most notably with rc4_hmac first. 1.0.1 
>> on the other hand seems to return cipher types with des-cbc-md5 first, 
>> and w2k manages to successfully get a TGT and proceed further. Cheers. A.
> Does a joined Windows machine pick up "better" enctypes than des when 
> it's sent in ETYPE_INFO?

No. I've joined a W2K machine to the Active Directory domain that has the trust to 
the Heimdal realm, and it still picks des-cbc-md5 for pre-authentication 
against the Heimdal KDC. I've even tried to wipe all enctypes but rc4 from 
my principal on the Heimdal KDC, so that the KDC offers only rc4 in 
PA_ENCTYPE_INFO for my account. But then W2K acts as if PA_ENCTYPE_INFO 
was not present, i.e. after it gets the "you should pre-authenticate" reply 
[with rc4 alone], it just stops and displays the "logon failed" dialog.

It should be explicitly noted that this interop problem is apparently 
specific to pre-authentication only. More specifically, the ticket returned 
in reply to a pre-authenticated AS-REQ apparently may be encrypted with 
rc4, as W2K has no problem using it. In other words, Windows effectively 
refuses to encrypt PA-ENC-TIMESTAMP in the AS_REQ with rc4, but doesn't mind 
using rc4 in the AS-REP. For reference, the enctype on the AD-KDC trust key is rc4 
(set with ktpass:-). Thanks again. A.
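A small model of the KDC-side decision the thread is about (which "old" enctypes make the KDC add the legacy PA-ETYPE-INFO structure, and in what order the offered enctypes are listed), added here as an illustration for this page; it is not Heimdal's kdc code. The older_enctype() policy, the rule for picking the client key, the KDC listing order and the sample requests are assumptions constructed from the thread's description, not Heimdal's actual behaviour; only the enctype and PA data type numbers are the registered RFC 3961 / RFC 4757 / RFC 4120 values.

```python
# Simplified model of the KDC-side pre-authentication hint selection that the
# thread is about.  Added illustration for this page, not Heimdal's kdc code:
# the older_enctype() policy and the "client key = first requested etype the
# principal has a key for" rule are assumptions modelled on the thread, and
# every client/KDC etype list below is a constructed sample.  Enctype numbers
# are the registered RFC 3961 / RFC 4757 values; PA data type numbers are from
# RFC 4120.

from dataclasses import dataclass

# Kerberos enctype numbers.
DES_CBC_CRC = 1
DES_CBC_MD4 = 2
DES_CBC_MD5 = 3
DES3_CBC_SHA1 = 16
AES128_CTS_HMAC_SHA1_96 = 17
AES256_CTS_HMAC_SHA1_96 = 18
RC4_HMAC = 23
RC4_HMAC_EXP = 24

# PA data types carried in the KRB-ERROR that asks for pre-authentication.
PA_ETYPE_INFO = 11
PA_ETYPE_INFO2 = 19

# "Old" enctypes before the patch (DES/3DES only) and after it, when the
# legacy Windows types are added so that w2k is also treated as an old client.
OLD_ENCTYPES_BEFORE_PATCH = frozenset({DES_CBC_CRC, DES_CBC_MD4, DES_CBC_MD5,
                                       DES3_CBC_SHA1})
OLD_ENCTYPES_AFTER_PATCH = OLD_ENCTYPES_BEFORE_PATCH | {RC4_HMAC, RC4_HMAC_EXP}


def older_enctype(etype, old_set):
    """Assumed classification: is this an enctype only a legacy client uses?"""
    return etype in old_set


@dataclass
class PreauthHints:
    pa_types: list   # PA data types included, in the order they are listed
    etypes: list     # enctypes offered in ETYPE-INFO{,2}, in the order sent


def select_client_key(client_etypes, principal_keys):
    """Assumed rule: walk the client's KDC-REQ list and take the first enctype
    for which the principal has a key (so a client listing rc4_hmac first
    gets an rc4 client key)."""
    for etype in client_etypes:
        if etype in principal_keys:
            return etype
    return None


def build_preauth_hints(client_etypes, principal_keys, kdc_listing_order, old_set):
    """Model the hints a KDC puts in its "pre-authentication required" error.

    client_etypes     -- enctypes from the client's KDC-REQ, in client order
    principal_keys    -- enctypes for which the principal has a key
    kdc_listing_order -- order in which the KDC lists the offered enctypes
                         (instead of echoing the client's order)
    old_set           -- enctypes that mark the client as "old"
    """
    client_key = select_client_key(client_etypes, principal_keys)
    if client_key is None:
        return None
    offered = [e for e in kdc_listing_order
               if e in client_etypes and e in principal_keys]
    pa_types = [PA_ETYPE_INFO2]
    # Only a client whose selected key is an "old" enctype is assumed to need
    # the legacy ETYPE-INFO structure; it is listed first, before ETYPE-INFO2.
    if older_enctype(client_key, old_set):
        pa_types.insert(0, PA_ETYPE_INFO)
    return PreauthHints(pa_types=pa_types, etypes=offered)


# Constructed samples: a w2k-style request listing rc4_hmac first, a principal
# with aes256, rc4 and des-cbc-md5 keys, and a des-first listing order like
# the one the thread observed from 1.0.1.
W2K_REQUEST = [RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC]
PRINCIPAL_KEYS = frozenset({AES256_CTS_HMAC_SHA1_96, RC4_HMAC, DES_CBC_MD5})
KDC_LISTING_ORDER = [DES_CBC_MD5, DES3_CBC_SHA1, RC4_HMAC,
                     AES128_CTS_HMAC_SHA1_96, AES256_CTS_HMAC_SHA1_96]


def compare_before_after(client_etypes=W2K_REQUEST):
    """Return (before, after) hints for one request under both old-set policies."""
    before = build_preauth_hints(client_etypes, PRINCIPAL_KEYS,
                                 KDC_LISTING_ORDER, OLD_ENCTYPES_BEFORE_PATCH)
    after = build_preauth_hints(client_etypes, PRINCIPAL_KEYS,
                                KDC_LISTING_ORDER, OLD_ENCTYPES_AFTER_PATCH)
    return before, after


if __name__ == "__main__":
    before, after = compare_before_after()
    print("before patch:", before)
    print("after patch: ", after)
```

Running it shows the two knobs separately: with the w2k-style request the pre-patch policy sends ETYPE-INFO2 only, the post-patch policy sends ETYPE-INFO as well, and in both cases the offered list is in the KDC's own order (des-cbc-md5 before rc4) rather than the client's.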