oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
30,145 Commits 2 Branches 2 Tags
9a0372d992e0c452ddfab3889c19c7bec5304b37
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Joseph Sutton 9a0372d992 kdc: Still prefer encryption types with "not default" salts except for des-cbc-crc 
Samba clients are often machine accounts with non-default salts that
will fail if they can't use the AES encryption type they know the KDC
supports.  The problem is that arcfour-hmac-md5 has no salt so was
being used in preference.

Samba started to fail when

kdc_config->preauth_use_strongest_session_key = true;

was forced into the KDC configuration.

The history here is an attempt to avoid Kerberos v4 salts in des-cbc-crc
keys, but this instead broke Samba clients with AES-keys on machine accounts
as these have a non-default salt by default.  These accounts were incorrectly
restricted to arcfour-hmac-md5 and they didn't like that.

A broader fix than Samba commit 8e1efd8bd3bf698dc0b6ed2081919f49b1412b53

REF: https://lists.samba.org/archive/samba/2021-October/237844.html

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864

Change-Id: Ia8908a5a2eef107e6b133d7f0e4343c1988c18bb
2022-01-17 15:42:03 -05:00
.github
GitHub: Add Failed Test Logs sections
2022-01-15 23:01:42 -06:00
admin
ktutil: Fix a warning
2022-01-14 17:59:49 -06:00
appl
otp: Fix warnings
2022-01-14 17:59:49 -06:00
cf
cf: Make clang-format style common makefile macro
2022-01-16 14:07:03 -06:00
doc
doc: add draft-perez-krb-wg-gss-preauth-03.txt
2021-09-23 19:16:35 +10:00
etc
add NTMakefile and windows directories
2011-07-17 12:16:59 -07:00
include
Use fallthrough statement attribute
2022-01-14 16:32:58 -06:00
kadmin
kadmin: Check for errors in init
2022-01-17 00:45:37 -06:00
kcm
kcm: kcmss_get_name_2 test correct output parameter
2022-01-16 00:31:03 -05:00
kdc
kdc: Still prefer encryption types with "not default" salts except for des-cbc-crc
2022-01-17 15:42:03 -05:00
kpasswd
kpasswdd: Fix warning
2022-01-14 17:10:16 -06:00
kuser
kimpersonate: Fix leaks
2022-01-14 17:59:49 -06:00
lib
asn1: Better handling of >63 named bits/ints
2022-01-17 12:39:19 -06:00
packages
Windows 10 SDK build fixes
2022-01-05 12:58:48 -06:00
po
Fix subject verb agreement in error message...
2018-03-09 17:04:29 -05:00
tests
hdb: eliminate hdb_entry_ex
2022-01-15 18:54:57 +11:00
tools
Improve coverage script a bit
2020-04-15 19:05:21 -05:00
windows
windows: bail early if unknown APPVER
2022-01-14 09:30:33 +11:00
.gitignore
asn1: Restore styling of generated sources
2022-01-11 17:45:27 -06:00
.travis.yml
travis: Do not brew update [harder]
2021-03-27 01:08:56 -05:00
acinclude.m4
use m4_define, over-quote string
2004-02-12 14:19:16 +00:00
appveyor.yml
appveyor: Use VS 2019 image to get working msys2
2022-01-05 12:59:35 -06:00
autogen.sh
check for JSON perl module and if not found ask developer to install it
2014-08-22 21:17:16 -07:00
ChangeLog
We stop writing change logs, see the source code version control systems history log instead
2008-11-12 04:17:33 +00:00
ChangeLog.1998
changes upto 1998
2000-06-07 10:01:25 +00:00
ChangeLog.1999
move older stuff over to ChangeLog.1999
2000-11-17 01:27:17 +00:00
ChangeLog.2000
move older entries to ChangeLog.2000
2001-01-03 01:50:47 +00:00
ChangeLog.2001
changes from 2001
2002-08-21 13:29:08 +00:00
ChangeLog.2002
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2003
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2004
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2005
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2006
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
ChangeLog.2007
switch to utf8 encoding of all files
2008-09-13 08:53:55 +00:00
CODE_OF_CONDUCT.md
Create CODE_OF_CONDUCT.md
2019-06-07 22:03:05 -04:00
configure.ac
asn1: Better clang-format / makefile pattern
2022-01-16 13:41:37 -06:00
krb5.conf
Remove use of krb4 settings in example krb5.conf.
2014-04-28 00:56:18 +02:00
LICENSE
update (c)
2014-08-23 19:14:10 -07:00
Makefile.am
Fix make dist
2022-01-14 20:10:19 -06:00
Makefile.am.common
move check-local target to cf/Makefile.am.common
2002-05-19 18:35:37 +00:00
NEWS
Fix transit path validation CVE-2017-6594
2017-04-13 18:06:39 -05:00
NTMakefile
Don't build the docs on appveyor
2019-11-20 18:14:44 -05:00
README
Update README mailing lists and links
2020-06-26 11:29:15 -04:00
README.fast
krb5: note GSS-API can be used as PA plugin interface
2021-12-17 19:42:35 +11:00
README.md
GitHub: Complete split of build.yml
2022-01-14 13:52:50 -06:00
SECURITY.md
Update SECURITY.md
2019-06-09 13:43:47 -04:00
TODO
need to fix lib/krb5/expand_path_w32.c
2010-01-05 19:21:45 +01:00

README.md

GitHub Build Workflow GitHub Build Workflow GitHub Build Workflow Appveyor-CI build (Windows) Coverage Status

Heimdal

Heimdal is an implementation of:

  • ASN.1/DER,
  • PKIX, and
  • Kerberos.

For information how to install see here.

There are man pages for most of the commands.

Bug reports and bugs are appreciated. Use GitHub issues.

For more information see the project homepage https://heimdal.software/heimdal/ or the mailing lists:

heimdal-announce@heimdal.software low-volume announcement heimdal-discuss@heimdal.software high-volume discussion

send mail to heimdal-announce-subscribe@heimdal.software and heimdal-discuss-subscribe@heimdal.software respectively to subscribe.

Build Status

Travis-CI build (Linux, OS X) Appveyor-CI build (Windows)

Reference in New Issue View Git Blame Copy Permalink
Description
Fork of https://github.com/heimdal/heimdal
Readme Multiple Licenses 57 MiB
Languages
C 92.1%
Roff 2.8%
Shell 2.3%
Makefile 0.7%
M4 0.5%
Other 1.4%