[OpenAFS] Re: klog.krb5 incompatible with Heimdal 1.5.1?
Andreas Haupt
ahaupt@ifh.de
Fri, 14 Oct 2011 10:10:07 +0200
--=-cN8Btbb+XyOoazGnjrkr
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Hi Andrew,
this looks like a hint. Interestingly it doesn't match my observations
with wireshark! I've attached the two AS-REP responses with the suffix
-working & -notworking. The responses are identical (except for the KDC
ip and the encrypted data) ...
141.34.22.10 is a Heimdal 1.2.1 KDC, 141.34.22.11 is version 1.5.1
Does this help any further?
Cheers,
Andreas
--
| Andreas Haupt | E-Mail: andreas.haupt@desy.de
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216
--=-cN8Btbb+XyOoazGnjrkr
Content-Disposition: attachment; filename="wireshark.out-working"
Content-Type: text/plain; name="wireshark.out-working"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
No. Time Source Destination Protocol Info
9287 44.161261 141.34.22.10 141.34.2.11 KRB5 AS-REP NT Status: Unknown error code 0x2e484649
Frame 9287 (673 bytes on wire, 673 bytes captured)
Ethernet II, Src: Cisco_59:2e:80 (a8:b1:d4:59:2e:80), Dst: Dell_8d:ab:78 (00:18:8b:8d:ab:78)
Internet Protocol, Src: 141.34.22.10 (141.34.22.10), Dst: 141.34.2.11 (141.34.2.11)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 33676 (33676)
Kerberos AS-REP
Pvno: 5
MSG Type: AS-REP (11)
padata: PA-PW-SALT
Type: PA-PW-SALT (3)
Value: 4946482E4445616861757074
NT Status: Unknown (0x2e484649)
Unknown: 0x68614544
Unknown: 0x74707561
Client Realm: IFH.DE
Client Name (Principal): ahaupt
Name-type: Principal (1)
Name: ahaupt
Ticket
Tkt-vno: 5
Realm: IFH.DE
Server Name (Principal): afs
Name-type: Principal (1)
Name: afs
enc-part des-cbc-md5
Encryption type: des-cbc-md5 (3)
Kvno: 2
enc-part: 6179B1966792CC7239F3985920F0CEF288BAA3B3031B9B4B...
enc-part aes256-cts-hmac-sha1-96
Encryption type: aes256-cts-hmac-sha1-96 (18)
Kvno: 39
enc-part: 44244E2F55FFA9BFCFCB3CD9436911927C34849DB4211EB6...
--=-cN8Btbb+XyOoazGnjrkr
Content-Disposition: attachment; filename="wireshark.out-notworking"
Content-Type: text/plain; name="wireshark.out-notworking"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
No. Time Source Destination Protocol Info
7142 33.774371 141.34.22.11 141.34.2.11 KRB5 AS-REP NT Status: Unknown error code 0x2e484649
Frame 7142 (721 bytes on wire, 721 bytes captured)
Ethernet II, Src: Cisco_59:2e:80 (a8:b1:d4:59:2e:80), Dst: Dell_8d:ab:78 (00:18:8b:8d:ab:78)
Internet Protocol, Src: 141.34.22.11 (141.34.22.11), Dst: 141.34.2.11 (141.34.2.11)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 49970 (49970)
Kerberos AS-REP
Pvno: 5
MSG Type: AS-REP (11)
padata: PA-PW-SALT
Type: PA-PW-SALT (3)
Value: 4946482E4445616861757074
NT Status: Unknown (0x2e484649)
Unknown: 0x68614544
Unknown: 0x74707561
Client Realm: IFH.DE
Client Name (Principal): ahaupt
Name-type: Principal (1)
Name: ahaupt
Ticket
Tkt-vno: 5
Realm: IFH.DE
Server Name (Principal): afs
Name-type: Principal (1)
Name: afs
enc-part des-cbc-md5
Encryption type: des-cbc-md5 (3)
Kvno: 2
enc-part: 84443A576FDBAE510178FC6ED072427A777EB51BC70A8A79...
enc-part aes256-cts-hmac-sha1-96
Encryption type: aes256-cts-hmac-sha1-96 (18)
Kvno: 39
enc-part: A305225BD2711CF12BF97B5B19975189C81F9976445586BB...
--=-cN8Btbb+XyOoazGnjrkr--