Hi, Can you try the following to see if it works?
> permitted_enctypes = arcfour-hmac I successfully tested with that encryption type here: https://git1-us-west.apache.org/repos/asf?p=directory-kerby.git;a=blob;f=kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java;hb=c3015c04 The problem is that Kerby maps arcfour-hmac, arcfour-hmac-md5 and rc4-hmac to the same encryption type here: https://github.com/apache/directory-kerby/blob/1e5a370602d289968c067e55d3bbc7015fee91d1/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java And by default this number (0x0017) is always mapped to arcfour-hmac in the code. I guess this is a bug - feel free to open a JIRA for it. Colm. On Thu, Apr 19, 2018 at 3:25 PM, Kamil Krzysztof Krynicki < [email protected]> wrote: > Hi all, > > I have a quick question. For a while now I have been struggling to make > kerby work with arcfour-hmac-md5 ciphered keytab file (required by the kdc > I use). > > I've encountered some issues. > > First - by default kerby does not seem to recognize the encryption and > simply gives me a: > > org.apache.kerby.kerberos.kerb.KrbException: The request failed Client > key should be prepared or prompted at this time! > (a little criptic, but it essentially means that kerby is unable to find > suitable encoding, KdcRequest.java@363) > > If I set permitted_enctypes = arcfour-hmac-md5 I get the following: > > org.apache.kerby.kerberos.kerb.KrbException: The request failed Unknown > algorithm name for the encryption type ARCFOUR_HMAC_MD5 > > And lastly, if I set permitted_enctypes = rc4-hmac-md5 I get, once more: > org.apache.kerby.kerberos.kerb.KrbException: The request failed Client > key should be prepared or prompted at this time! > (debugging told me that it reaches a point where it compares "rc4" with > "arcfour" and says they are different) > > Everything seems to be pointing towards a map called CIPHER_ALGO_MAP, > which maps "rc4" to ArcFourHmac, but not "arcfour". > > static { > CIPHER_ALGO_MAP.put("rc4", "ArcFourHmac"); > CIPHER_ALGO_MAP.put("aes256", "AES256"); > CIPHER_ALGO_MAP.put("aes128", "AES128"); > CIPHER_ALGO_MAP.put("des3", "DESede"); > CIPHER_ALGO_MAP.put("des", "DES"); > } > > My questions are: > - is this a bug or a feature? > - is it possible to make kerby work with keytab ciphered with > arcfour-hmac-md5? > > I'm on centOS 7 btw. > > Thank you, > Kamil > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
