[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue with decryption of windows 2003 service tickets

To: heimdal-discuss@sics.se
Subject: Issue with decryption of windows 2003 service tickets
From: <austin.cherian@gmail.com>
Date: Tue, 11 Dec 2007 19:03:45 +0100 (CET)
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, <austin.cherian@gmail.com>


Hi there, i have this issue with Heimdal not being able to decrypt kerberos
service tickets obtained from a windows 2003 KDC, here is the problem in detail
:

i am using version 0.8 of Heimdal and am using the library api - krb5_rd_req()
with a keytab ( obtained from the windows 2003 server ) as credential to verify
a service ticket i obtain from a windows 2003 KDC. However the API always
returns with an error "Decrypt Integrity check failed" ( basically unable to
decrypt the service ticket ). 

I have made sure that the service ticket getting returned back follows the same
encryption scheme as the key in the keytab ( des-cbc-md5 ). I then tried this
with a windows 2000 KDC and found that krb5_rd_req() is able to decrypt the
service tickets coming from the  KDC. For the same encryption scheme there
seems to be a difference between windows 2000 and windows 2003 encrypted
service tickets and how the Heimdal API's behave. 

Can some one please provide some information.

Prev by Date: Re: heimdal 1.0.2RC6
Next by Date: Re: heimdal 1.0.2RC6
Prev by thread: Re: heimdal 1.0.2RC6
Next by thread: 555eu bonus from Las Vegas
Index(es):
- Date
- Thread