On Thu, Apr 27, 2006 at 10:53:23PM +0200, Simon Josefsson wrote:
> Elrond <[EMAIL PROTECTED]> writes:
>
> >> > w2k3-kdc is still not liking us. :-|
> >
> > Okay, here's my current point of interest in this part:
> >
> > Changing shishi to use plain md5 for rc4-hmac makes
> > w2k3-kdc send a TGS-REP (ethereal sees it).
>
> Oh, then I think we are pretty close. You may not need to test the
> patches.
The patch to remove the subkey helped.
shishi with one -v told me lots of times, that it had
problems decrypting the received ticket (TGS-REP).
So I guess, the w2k3-kdc encrypts the ticket using the
sent subkey or exactly not (whatever shishi doesn't like).
At least ethereal couldn't decrypt the with-subkey version
either.
After adding the subkey patch, both (shishi and ethereal)
could decrypt the received ticket.
This all with rc-hmac4:plain-md5.
:hmac-md5 comes tomorrow.
I have no idea, what the specs says about TGS-with-subkey. ;)
Elrond
_______________________________________________
Help-shishi mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-shishi
