HP CIFS Server and Kerberos
47
Notice that the successful decrypt log entry is embedded with a multitude of failure entries. It is hard
to find in the log, so use diligence when analyzing the output.
The encryption type for the ATCUX5 service ticket logon is CRC (0x1).
reserved 0 [RFC-ietf-krb-wg-crypto-07.txt]
des-cbc-crc 1 [RFC-ietf-krb-wg-crypto-07.txt]
des-cbc-md4 2 [RFC-ietf-krb-wg-crypto-07.txt]
des-cbc-md5 3 [RFC-ietf-krb-wg-crypto-07.txt]
[reserved] 4
des3-cbc-md5 5
[reserved] 6
des3-cbc-sha1 7
dsaWithSHA1-CmsOID 9 (pkinit)
md5WithRSAEncryption-CmsOID 10 (pkinit)
sha1WithRSAEncryption-CmsOID 11 (pkinit)
rc2CBC-EnvOID 12 (pkinit)
rsaEncryption-EnvOID 13 (pkinit from PKCS#1 v1.5)
rsaES-OAEP-ENV-OID 14 (pkinit from PKCS#1 v2.0)
des-ede3-cbc-Env-OID 15 (pkinit)
des3-cbc-sha1-kd 16 [RFC-ietf-krb-wg-crypto-07.txt]
aes128-cts-hmac-sha1-96 17 [RFC-raeburn-krb-rijndael-krb-07.txt]
aes256-cts-hmac-sha1-96 18 [RFC-raeburn-krb-rijndael-krb-07.txt]
rc4-hmac 23 (Microsoft)
rc4-hmac-exp 24 (Microsoft)
subkey-keymaterial 65 (opaque; PacketCable)
Windows XP SP1 client user buffy requests service ticket for HP CIFS Server (Samba) share:
Command: Map Network Drive window, \\atcux5\buffy.