[cifs-protocol] Confirm kerberos key selection rules for PAC KDC signature

Andrew Bartlett abartlet at samba.org
Thu Feb 2 02:39:57 MST 2012

On Mon, 2012-01-30 at 20:26 +0000, Edgar Olougouna wrote:
> Andrew,
> This happens in a typical scenario similar to the following. 
> The DC is running Windows Server 2008 at domain functional level Windows Server 2003.
> The Kerberos client and server present following etypes to the DC:
> EType: aes256-cts-hmac-sha1-96 (18)
> EType: aes128-cts-hmac-sha1-96 (17)
> EType: rc4-hmac (23)
> The client is issued a ticket with an encryption type aes256-cts-hmac-sha1-96 (18). 
> The PAC in the service ticket has a SignatureType of KERB_CHECKSUM_HMAC_MD5 (based on the logic described in my previous email, condition 1) is met but condition 2) is not met).

I'm clearly missing something here:  

How does the KDC issue a service ticket with type AES and not meet the
requirements for an AES checksum on the PAC?  Also, which key is the
signature calculated with in this case?

Also, can you explain how this describes the behaviour when the server
only supports DES?

We find that the SignatureType is of type KERB_CHECKSUM_HMAC_MD5 but
the DES key (with which the ticket was encrypted) is in fact used for
the HMAC calculation.


Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
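To make the key-selection question above concrete, here is an added example (not code from this thread or from Samba) of the KERB_CHECKSUM_HMAC_MD5 computation from RFC 4757 section 4 applied to the PAC server and KDC signatures as MS-PAC defines them (key usage 17 for both; the KDC checksum covers the server signature). The PAC body, keys and simplified layout (no PACTYPE header or buffer table) are constructed; the point is that the HMAC-MD5 checksum takes a key of any length, so a DES-sized or AES-sized ticket key can be fed to it exactly as observed.

```python
import hashlib
import hmac
import struct

# Real constants from MS-PAC and RFC 4757.
KERB_CHECKSUM_HMAC_MD5 = 0xFFFFFF76   # -138 as an unsigned ULONG SignatureType
KERB_NON_KERB_CKSUM_SALT = 17         # key usage for both PAC signatures
HMAC_MD5_SIG_LEN = 16

def kerb_checksum_hmac_md5(key: bytes, usage: int, data: bytes) -> bytes:
    """RFC 4757 s.4: Ksign = HMAC-MD5(K, "signaturekey\\0");
    checksum = HMAC-MD5(Ksign, MD5(usage_le32 || data)).
    Nothing here depends on the key length, so any ticket key fits."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()

def signature_data(signature: bytes) -> bytes:
    """PAC_SIGNATURE_DATA: ULONG SignatureType followed by the Signature bytes."""
    return struct.pack("<I", KERB_CHECKSUM_HMAC_MD5) + signature

def layout(body: bytes, server_sig: bytes, kdc_sig: bytes) -> bytes:
    """Simplified (constructed) PAC: body, then server and KDC signature buffers."""
    return body + signature_data(server_sig) + signature_data(kdc_sig)

def sign_pac(body: bytes, service_key: bytes, kdc_key: bytes) -> tuple:
    # Server signature: over the whole PAC with both Signature fields zeroed.
    zero = b"\x00" * HMAC_MD5_SIG_LEN
    server_sig = kerb_checksum_hmac_md5(
        service_key, KERB_NON_KERB_CKSUM_SALT, layout(body, zero, zero))
    # KDC signature: over the server signature bytes only.
    kdc_sig = kerb_checksum_hmac_md5(kdc_key, KERB_NON_KERB_CKSUM_SALT, server_sig)
    return server_sig, kdc_sig

def verify_pac(pac: bytes, service_key: bytes, kdc_key: bytes) -> bool:
    """Split a packed PAC, recompute both checksums and compare in constant time."""
    block = 4 + HMAC_MD5_SIG_LEN
    body, server_buf, kdc_buf = pac[:-2 * block], pac[-2 * block:-block], pac[-block:]
    for buf in (server_buf, kdc_buf):
        if struct.unpack("<I", buf[:4])[0] != KERB_CHECKSUM_HMAC_MD5:
            return False
    exp_server, exp_kdc = sign_pac(body, service_key, kdc_key)
    return (hmac.compare_digest(server_buf[4:], exp_server)
            and hmac.compare_digest(kdc_buf[4:], exp_kdc))

# Constructed sample keys: an 8-byte (DES-sized) service key, a 32-byte (AES256-sized) KDC key.
SERVICE_KEY = bytes(range(8))
KDC_KEY = bytes(range(32))
PAC_BODY = b"constructed KERB_VALIDATION_INFO placeholder"

def demo() -> bytes:
    server_sig, kdc_sig = sign_pac(PAC_BODY, SERVICE_KEY, KDC_KEY)
    return layout(PAC_BODY, server_sig, kdc_sig)
```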
