[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: windows interop

>> In other words, [the way I see it] rc4-hmac should unconditionally go 
>> unsalted.
> IIRC the enctype is defined that way.

That is correct. So one can even strengthen the statement and say 
"rc4-hmac *must* go unsalted," right?

> You're just asking that it be 
> (accurately) reported that way in the PA-ENCTYPE-INFO.

Well, PA-ENCTYPE-INFO is not the only place where [non-existing in this 
case] salt appears, it's exposed in PA-PW-SALT on wire and there is a 
hint in 'get principal' in kadmin.

> Doesn't sound like a big deal to fix.  Do you have a patch?

Well, I do have kludgy patch that omits it from PA-ENCTYPE-INFO (that's 
how I could confirm what it takes to make XP negotiate rc4-hmac with 
Heimdal), but I'd like to see consistency or at least consensus on how 
to address this problem. As mentioned in previous post I reckon that 
ideally database itself should be corrected (so that 'get principal' 
shows 'archfour-hmac-md5(null)' or something), nor should key generation 
procedure pass salt downstream for enc_type in question. Well, I realize 
that it might be to much to ask... Cheers. A.