[OpenAFS] Re: klog.krb5 incompatible with Heimdal 1.5.1?

Andreas Haupt ahaupt@ifh.de
Fri, 14 Oct 2011 10:10:07 +0200


--=-cN8Btbb+XyOoazGnjrkr
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit

Hi Andrew,

this looks like a hint. Interestingly it doesn't match my observations
with wireshark! I've attached the two AS-REP responses with the suffix
-working & -notworking. The responses are identical (except for the KDC
ip and the encrypted data) ... 

141.34.22.10 is a Heimdal 1.2.1 KDC, 141.34.22.11 is version 1.5.1

Does this help any further?

Cheers,
Andreas
-- 
| Andreas Haupt             | E-Mail: andreas.haupt@desy.de
|  DESY Zeuthen             | WWW:    http://www-zeuthen.desy.de/~ahaupt
|  Platanenallee 6          | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen          | Fax:    +49/33762/7-7216


--=-cN8Btbb+XyOoazGnjrkr
Content-Disposition: attachment; filename="wireshark.out-working"
Content-Type: text/plain; name="wireshark.out-working"; charset="UTF-8"
Content-Transfer-Encoding: 7bit

No.     Time        Source                Destination           Protocol Info
   9287 44.161261   141.34.22.10          141.34.2.11           KRB5     AS-REP NT Status: Unknown error code 0x2e484649

Frame 9287 (673 bytes on wire, 673 bytes captured)
Ethernet II, Src: Cisco_59:2e:80 (a8:b1:d4:59:2e:80), Dst: Dell_8d:ab:78 (00:18:8b:8d:ab:78)
Internet Protocol, Src: 141.34.22.10 (141.34.22.10), Dst: 141.34.2.11 (141.34.2.11)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 33676 (33676)
Kerberos AS-REP
    Pvno: 5
    MSG Type: AS-REP (11)
    padata: PA-PW-SALT
        Type: PA-PW-SALT (3)
            Value: 4946482E4445616861757074
                NT Status: Unknown (0x2e484649)
                Unknown: 0x68614544
                Unknown: 0x74707561
    Client Realm: IFH.DE
    Client Name (Principal): ahaupt
        Name-type: Principal (1)
        Name: ahaupt
    Ticket
        Tkt-vno: 5
        Realm: IFH.DE
        Server Name (Principal): afs
            Name-type: Principal (1)
            Name: afs
        enc-part des-cbc-md5
            Encryption type: des-cbc-md5 (3)
            Kvno: 2
            enc-part: 6179B1966792CC7239F3985920F0CEF288BAA3B3031B9B4B...
    enc-part aes256-cts-hmac-sha1-96
        Encryption type: aes256-cts-hmac-sha1-96 (18)
        Kvno: 39
        enc-part: 44244E2F55FFA9BFCFCB3CD9436911927C34849DB4211EB6...

--=-cN8Btbb+XyOoazGnjrkr
Content-Disposition: attachment; filename="wireshark.out-notworking"
Content-Type: text/plain; name="wireshark.out-notworking"; charset="UTF-8"
Content-Transfer-Encoding: 7bit

No.     Time        Source                Destination           Protocol Info
   7142 33.774371   141.34.22.11          141.34.2.11           KRB5     AS-REP NT Status: Unknown error code 0x2e484649

Frame 7142 (721 bytes on wire, 721 bytes captured)
Ethernet II, Src: Cisco_59:2e:80 (a8:b1:d4:59:2e:80), Dst: Dell_8d:ab:78 (00:18:8b:8d:ab:78)
Internet Protocol, Src: 141.34.22.11 (141.34.22.11), Dst: 141.34.2.11 (141.34.2.11)
User Datagram Protocol, Src Port: kerberos (88), Dst Port: 49970 (49970)
Kerberos AS-REP
    Pvno: 5
    MSG Type: AS-REP (11)
    padata: PA-PW-SALT
        Type: PA-PW-SALT (3)
            Value: 4946482E4445616861757074
                NT Status: Unknown (0x2e484649)
                Unknown: 0x68614544
                Unknown: 0x74707561
    Client Realm: IFH.DE
    Client Name (Principal): ahaupt
        Name-type: Principal (1)
        Name: ahaupt
    Ticket
        Tkt-vno: 5
        Realm: IFH.DE
        Server Name (Principal): afs
            Name-type: Principal (1)
            Name: afs
        enc-part des-cbc-md5
            Encryption type: des-cbc-md5 (3)
            Kvno: 2
            enc-part: 84443A576FDBAE510178FC6ED072427A777EB51BC70A8A79...
    enc-part aes256-cts-hmac-sha1-96
        Encryption type: aes256-cts-hmac-sha1-96 (18)
        Kvno: 39
        enc-part: A305225BD2711CF12BF97B5B19975189C81F9976445586BB...

--=-cN8Btbb+XyOoazGnjrkr--