[OpenAFS] Re: OpenAFS 1.7.26 windows and not changed AFS service principle - OK?

Lars Schimmer l.schimmer@cgv.tugraz.at
Fri, 26 Jul 2013 14:07:46 +0200

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2013-07-26 12:56, Jeffrey Altman wrote:

> What are the enctypes of the service tickets obtained on the Windows
> systems that do not work?   The enctypes from a service ticket on Linux=

> using the old client using the old algorithm are not comparable.

Ok, now with access to such a machine:
Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS
mode with 96-bit SHA-1 HMAC
Etype /skey, tkt): DES cbc mode with CRC-32, AES-256 CTS mode with
96-bit SHA-1 HMAC

On the working machine the AES-256 CTS is also some kind of DES.
Interesting why one of three get 2 DES and non AES....

But yeah, that looks like new client tries to use AES-256 and fail.

Lars Schimmer
TU Graz, Institut f=C3=BCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.12 (GNU/Linux)