HP CIFS Server and Kerberos

[2004/12/22 14:39:22, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(199)

ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type

[2004/12/22 14:39:22, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(199)

ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type

[2004/12/22 14:39:22, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)

ads_secrets_verify_ticket: enc type [3] decrypted message !

CIFS/Samba uses the HOST/atcux5@hpatc2003.hp.com (HOST/netbiosname@realm) principal, and

tries to decrypt the ticket with a set of Kerberos encryption types. The valid enc type is [3] (MD5 –

configured in krb5.conf), as shown in the log entry. You can observe the other attempted decrypt

encryption type etype Reference and/or Comment

------------------------------ ----- -------------------------

reserved 0 [RFC-ietf-krb-wg-crypto-07.txt]

des-cbc-crc 1 [RFC-ietf-krb-wg-crypto-07.txt]

des-cbc-md4 2 [RFC-ietf-krb-wg-crypto-07.txt]

des-cbc-md5 3 [RFC-ietf-krb-wg-crypto-07.txt]

rc2CBC-EnvOID 12 (pkinit)

rsaEncryption-EnvOID 13 (pkinit from PKCS#1 v1.5)

rsaES-OAEP-ENV-OID 14 (pkinit from PKCS#1 v2.0)

des-ede3-cbc-Env-OID 15 (pkinit)

des3-cbc-sha1-kd 16 [RFC-ietf-krb-wg-crypto-07.txt]

aes128-cts-hmac-sha1-96 17 [RFC-raeburn-krb-rijndael-krb-07.txt]

aes256-cts-hmac-sha1-96 18 [RFC-raeburn-krb-rijndael-krb-07.txt]

rc4-hmac 23 (Microsoft)

rc4-hmac-exp 24 (Microsoft)

subkey-keymaterial 65 (opaque; PacketCable)