Hi All,

This is my setup:

Windows 8.1 64-bit
Windows 2012 R2 server, AD and KDC
BS2000 with MIT Kerberos 1.13.2

I generate the keytab for the SPN using this command:

    ktpass -princ host/<Host name>@domain name -mapuser <domain name\domain user pass> pass <password> -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out C:\KeyTab\HMAC7U6.keytab

I am trying to decrypt the AP_REQ using this keytab. I looked at the kvno and the encryption type, and everything else matches.

While configuring DES-CBC-CRC and DES-CBC-MD5 it works fine and the Kerberos connection is established.

While decrypting the packet, krb5_c_decrypt -> krb5_k_decrypt -> krb5int_arcfour_decrypt is returning KRB5KRB_AP_ERR_BAD_INTEGRITY?

In the case of the encryption types RC4-HMAC, AES128-SHA1 and AES256-SHA1, it is noticed that the keys generated from the password by the function krb5_c_string_to_key [lib/crypto/krb/string_to_key.c] are different from the keys generated with the same password by the KTPASS command.

In the case of DES-CBC-CRC and DES-CBC-MD5, the generated keys exactly match the keys generated by the KTPASS command.

Therefore the Kerberos connection is successful with the encryption types DES-CBC-CRC and DES-CBC-MD5, and the connection fails with error code KRB5KRB_AP_ERR_BAD_INTEGRITY with the encryption types RC4-HMAC, AES128-SHA1 and AES256-SHA1.

Please suggest how to fix this problem. Any help would be appreciated!

Thanks & Regards

--
View this message in context: http://kerberos.996246.n3.nabble.com/wrong-key-is-generated-by-krb5-c-string-to-key-tp47082.html
Sent from the Kerberos - General mailing list archive at Nabble.com.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
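
An added example, not part of the original post and not MIT krb5 code: a Python parser for the keytab file format (version 0x0502) that lists each entry's principal, kvno, enctype and raw key, so the key ktpass wrote can be compared byte for byte with the output of krb5_c_string_to_key. The sample keytab, its principal name and its key bytes are constructed placeholders.

```python
import struct

# Enctype numbers for the encryption types named in the post (IANA Kerberos registry).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def counted(data, cur):  # 16-bit big-endian length, then that many bytes
    (n,) = struct.unpack_from(">H", data, cur)
    return data[cur + 2:cur + 2 + n], cur + 2 + n

def parse_keytab(data):
    """Return principal, kvno, enctype and key (hex) for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size: hole left by a deleted entry
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, cur = counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, cur = counted(data, cur)
            comps.append(comp.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", data, cur)
        key, cur = counted(data, cur + 11)
        if end - cur >= 4:             # optional 32-bit kvno replaces the 8-bit field
            kvno = struct.unpack_from(">I", data, cur)[0] or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "kvno": kvno, "enctype": ENCTYPES.get(etype, str(etype)),
                        "key": key.hex()})
        pos = end
    return entries

def build_sample_keytab():
    """Constructed sample: a hole, then one rc4-hmac entry with a placeholder key."""
    c = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + c(b"EXAMPLE.COM") + c(b"host")
            + c(b"server.example.com") + struct.pack(">IIBH", 1, 0, 3, 23)
            + c(bytes(range(16))) + struct.pack(">I", 3))
    hole = struct.pack(">i", -4) + b"\x00" * 4
    return b"\x05\x02" + hole + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    print(parse_keytab(build_sample_keytab()))
```

For a real file, pass its bytes to parse_keytab; the printed key is the long-term secret for that principal, so treat the output like the keytab itself.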