[OpenAFS] Re: OpenAFS 1.7.26 windows and not changed AFS service principle - OK?

Lars Schimmer l.schimmer@cgv.tugraz.at
Fri, 26 Jul 2013 14:07:46 +0200


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2GNSVKJUKKDKKFCSNLDTA
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2013-07-26 12:56, Jeffrey Altman wrote:

> What are the enctypes of the service tickets obtained on the Windows
> systems that do not work?   The enctypes from a service ticket on Linux=

> using the old client using the old algorithm are not comparable.


Ok, now with access to such a machine:
krbtgt/CGV.TUGRAZ.AT@CGV.TUGRAZ.AT
Etype (skey, tkt): AES-256 CTS mode with 96-bit SHA-1 HMAC, AES-256 CTS
mode with 96-bit SHA-1 HMAC
afs/cgv.tugraz.at/CGV.TUGRAZ.AT
Etype /skey, tkt): DES cbc mode with CRC-32, AES-256 CTS mode with
96-bit SHA-1 HMAC

On the working machine the AES-256 CTS is also some kind of DES.
Interesting why one of three get 2 DES and non AES....

But yeah, that looks like new client tries to use AES-256 and fail.



MfG,
Lars Schimmer
--=20
-------------------------------------------------------------
TU Graz, Institut f=C3=BCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723




------enig2GNSVKJUKKDKKFCSNLDTA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlHyZpIACgkQmWhuE0qbFyOpIACeKBZ8CK2q6ucxke2nGylT6bnA
ff8Anj+r+XoHUzzakl9hYez9n+mBEgZJ
=1ZF4
-----END PGP SIGNATURE-----

------enig2GNSVKJUKKDKKFCSNLDTA--