kerberos error: PAC checksum type is not keyed

Andrew Bartlett abartlet at
Tue Oct 26 18:05:05 MDT 2010

On Thu, 2010-10-21 at 08:17 +1100, Andrew Bartlett wrote:
> On Wed, 2010-10-20 at 10:22 -0400, Aaron Solochek wrote:
> > I'm getting ever closer to having nfs4 working with the samba4 kdc.  Currently I
> > seem to be blocking on the error "PAC checksum type is not keyed" which is
> > generated by the kdc when nfs sends a PA-TGS-REQ for nfs/
> > 
> > >From googling, it seemed to be related to the des-cbc-crc enctype, so I set
> > 
> > default_tkt_enctypes = rc4-hmac des-cbc-md5
> > 
> > in krb5.conf on both client and server.
> > 
> > 
> > Then the problem changes slightly.  With that option set, the client first
> > requests nfs/ with enctypes "rc4-hmac des-cbc-md5", and that
> > succeeds, but immediately following that the client sends the exact same
> > request, only this time the enctypes are back to "des-cbc-crc des-cbc-md5
> > des-cbc-md4" and it fails again with PAC checksum error.
> > 
> > 
> > So it seems that I have 2 bugs.
> > 
> > 1) PAC checksum bug
> > 
> > 2) kerberos client (libraries or nfs4?) bug that causes the second request
> > ignoring the enctypes specified in krb5.conf.
> > 
> > 
> > What can I do about #1?
> Someone needs to confirm what Windows does here.  The PAC security
> relies on the checksum being keyed, so my gut feeling is to omit the
> checksum in this case.  We need to determine if this is security issue
> with Windows, or there is some other protection, or Windows omits it.
> (This should not be relevant for NFSv4, which should never need to use
> DES, but is important for AFS clients).

I've now looked into the windows behaviour, which is documented here:

The problem is that when different crypto-systems are used (Example 2),
Heimdal objects because the keys involved are not the right type or
length.  I'm working with upstream Heimdal to find out if we can get a
better API for this, plus a way to handle the crazy windows behaviour
exception noted there. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list