On Tue, Apr 25, 2006 at 07:53:00PM +0200, Elrond wrote:
[...]
> > This could be the problem, from your earlier logs, I think your
> > current kvno is 2. It seems shishi hard code the authenticator
> > checksum kvno to 1, which is bad. I've fixed this in CVS, and I think
> > the daily Debian packages has it. Could you re-try?
>
> Ahhh.
>
> Yes, my heimdal keys have kvno > 1 sometimes, too.
>
> Okay, will retry soon.
Okay.
Bad news: It did not help.
Good news: The kvno isn't anymore in the TGS-REQ.
Okay, here's a quick list, what I can see:
1) The name-type issue still isn't fixed. (unknown/0, but
should be Prinicpal/1)
2) shishi has a sub-key and sequence number in the TGS-REQ.
heimdal doesn't. (no idea, if that is good or not.)
3) I'm starting to get the feeling, that something on my
box is somewhat mixed up.
a) If I find the time, I will compile it on another box
with access to the w2k3-kdc.
b) Do I have a realistic chance to verify checksums by
"hand"? Setting it to md5 in crypto-rc4 would be my
first step, so that I would "only" need to run md5 on
some parts of the packet.
What next?
Elrond
_______________________________________________
Help-shishi mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-shishi
