[OpenAFS] Re: OpenAFS 1.7.26 windows and not changed AFS service
principle - OK?
Lars Schimmer
l.schimmer@cgv.tugraz.at
Fri, 26 Jul 2013 14:07:46 +0200
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2GNSVKJUKKDKKFCSNLDTA
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 2013-07-26 12:56, Jeffrey Altman wrote:
> What are the enctypes of the service tickets obtained on the Windows
> systems that do not work? The enctypes from a service ticket on Linux=
> using the old client using the old algorithm are not comparable.
Ok, now with access to such a machine:
krbtgt/CGV.TUGRAZ.AT@CGV.TUGRAZ.AT
Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS
mode with 96-bit SHA-1 HMAC
afs/cgv.tugraz.at/CGV.TUGRAZ.AT
Etype /skey, tkt): DES cbc mode with CRC-32, AES-256 CTS mode with
96-bit SHA-1 HMAC
On the working machine the AES-256 CTS is also some kind of DES.
Interesting why one of three get 2 DES and non AES....
But yeah, that looks like new client tries to use AES-256 and fail.
MfG,
Lars Schimmer
--=20
-------------------------------------------------------------
TU Graz, Institut f=C3=BCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
------enig2GNSVKJUKKDKKFCSNLDTA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlHyZpIACgkQmWhuE0qbFyOpIACeKBZ8CK2q6ucxke2nGylT6bnA
ff8Anj+r+XoHUzzakl9hYez9n+mBEgZJ
=1ZF4
-----END PGP SIGNATURE-----
------enig2GNSVKJUKKDKKFCSNLDTA--