Need help interpreting krb5kdc log file, specifically etypes definitions - Kerberos



  1. Need help interpreting krb5kdc log file, specifically etypes definitions

    Hi,
    I successfully established trust relationship between MIT Realm and AD
    on Windows 2003 SP1. I would like to make sure that RC4 encryption is
    in fact being used.
    I believe that I should be able to get this information from the
    krb5kdc log, but having some difficulties interpreting the etypes
    definitions. Could somebody, please, provide explanation on the meaning
    of such messages:
    Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7
    etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime
    1153149597, etypes {rep=23 tkt=23 ses=23}, jdoe@MIT.CONTOSO.COM for
    krbtgt/MIT.CONTOSO.COM@MIT.CONTOSO.COM
    In this message etypes are defined as numbers. Is there a table
    somewhere that would allow me to translate numbers to encryption types?
    Or maybe there is another way to tell?
    Thanks.
    Alex


  2. Re: Need help interpreting krb5kdc log file, specifically etypes definitions

    alextc@microsoft.com wrote:
    > Hi,
    > I successfully established trust relationship between MIT Realm and AD
    > on Windows 2003 SP1. I would like to make sure that RC4 encryption is
    > in fact being used.
    > I believe that I should be able to get this information from the
    > krb5kdc log, but having some difficulties interpreting the etypes
    > definitions. Could somebody, please, provide explanation on the meaning
    > of such messages:
    > Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7
    > etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime
    > 1153149597, etypes {rep=23 tkt=23 ses=23}, jdoe@MIT.CONTOSO.COM for
    > krbtgt/MIT.CONTOSO.COM@MIT.CONTOSO.COM
    > In this message etypes are defined as numbers. Is there a table
    > somewhere that would allow me to translate numbers to encryption types?
    > Or maybe there is another way to tell?
    > Thanks.
    > Alex


    RFC 4120
    http://www.ietf.org/rfc/rfc4120.txt




  3. Re: Need help interpreting krb5kdc log file, specifically etypes definitions


    Jeffrey Altman wrote:
    > alextc@microsoft.com wrote:
    > > Hi,
    > > I successfully established trust relationship between MIT Realm and AD
    > > on Windows 2003 SP1. I would like to make sure that RC4 encryption is
    > > in fact being used.
    > > I believe that I should be able to get this information from the
    > > krb5kdc log, but having some difficulties interpreting the etypes
    > > definitions. Could somebody, please, provide explanation on the meaning
    > > of such messages:
    > > Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7
    > > etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime
    > > 1153149597, etypes {rep=23 tkt=23 ses=23}, jdoe@MIT.CONTOSO.COM for
    > > krbtgt/MIT.CONTOSO.COM@MIT.CONTOSO.COM
    > > In this message etypes are defined as numbers. Is there a table
    > > somewhere that would allow me to translate numbers to encryption types?
    > > Or maybe there is another way to tell?
    > > Thanks.
    > > Alex

    >
    > RFC 4120
    > http://www.ietf.org/rfc/rfc4120.txt


    Thanks for the response.
    Could you, please, provide the section of the document where I could
    find such a table.
    I read through RFC but was not able to find the required information.
    As a matter of fact, when I did a search of the entire document for
    "RC4", hoping to find the corresponding int key, I found only a single
    match, which was not really relevant to the information I am looking
    for.
    Thanks in advance.
    Alex.


  4. Re: Need help interpreting krb5kdc log file, specifically etypes definitions

    alextc@microsoft.com wrote:

    >> RFC 4120
    >> http://www.ietf.org/rfc/rfc4120.txt

    >
    > Thanks for the response.
    > Could you, please, provide the section of the document where I could
    > find such a table.
    > I read through RFC but was not able to find the required information.
    > As a matter of fact, when I did a search of the entire document for
    > "RC4", hoping to find the corresponding int key, I found only a single
    > match, which was not really relevant to the information I am looking
    > for.
    > Thanks in advance.
    > Alex.


    RFC 3961 Section 8
    http://www.ietf.org/rfc/rfc3961.txt


  5. Re: Need help interpreting krb5kdc log file, specifically etypes definitions


    Jeffrey Altman wrote:
    > alextc@microsoft.com wrote:
    >
    > >> RFC 4120
    > >> http://www.ietf.org/rfc/rfc4120.txt

    > >
    > > Thanks for the response.
    > > Could you, please, provide the section of the document where I could
    > > find such a table.
    > > I read through RFC but was not able to find the required information.
    > > As a matter of fact, when I did a search of the entire document for
    > > "RC4", hoping to find the corresponding int key, I found only a single
    > > match, which was not really relevant to the information I am looking
    > > for.
    > > Thanks in advance.
    > > Alex.

    >
    > RFC 3961 Section 8
    > http://www.ietf.org/rfc/rfc3961.txt


    Thanks a lot.
    I have one more question, regarding the negative values in my krb5kdc.
    So if I look at the entry in the log:
    Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7
    etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime
    1153149597, etypes {rep=23 tkt=23 ses=23},
    By looking at the table in RFC 3961 I know that the issued token was
    encrypted with RC4, but when I look at the etypes proposed by the
    client (etypes {23 -133 -128 3 1 24 -135}) I see some negative values
    that are not in the RFC 3961 table. The client is Windows XP
    workstation SP2. Does anybody know what those negative values
    represent?
    Thanks.
    Alex.


  6. Re: Need help interpreting krb5kdc log file, specifically etypes definitions

    alextc@microsoft.com wrote:

    > I have one more question, regarding the negative values in my krb5kdc.
    > So if I look at the entry in the log:
    > Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7
    > etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime
    > 1153149597, etypes {rep=23 tkt=23 ses=23},
    > By looking at the table in RFC 3961 I know that the issued token was
    > encrypted with RC4, but when I look at the etypes proposed by the
    > client (etypes {23 -133 -128 3 1 24 -135}) I see some negative values
    > that are not in the RFC 3961 table. The client is Windows XP
    > workstation SP2. Does anybody know what those negative values
    > represent?
    > Thanks.
    > Alex.


    Negative values are reserved for private use by implementers.
    From the Microsoft Windows Platform SDK ntsecapi.h:

    #define KERB_ETYPE_RC4_MD4 -128 // FFFFFF80
    #define KERB_ETYPE_RC4_PLAIN2 -129
    #define KERB_ETYPE_RC4_LM -130
    #define KERB_ETYPE_RC4_SHA -131
    #define KERB_ETYPE_DES_PLAIN -132
    #define KERB_ETYPE_RC4_HMAC_OLD -133 // FFFFFF7B
    #define KERB_ETYPE_RC4_PLAIN_OLD -134
    #define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
    #define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
    #define KERB_ETYPE_RC4_PLAIN -140
    #define KERB_ETYPE_RC4_PLAIN_EXP -141

    Jeffrey Altman
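
Added example, not part of the original thread and not code from MIT krb5 or any poster: a small parser that translates the etype numbers in a krb5kdc request entry using the RFC 3961 section 8 names and the ntsecapi.h values quoted above, and answers the original question of whether the issued ticket used RC4. The function names are hypothetical, the RFC 3961 table is a subset, and the log layout is assumed to match the entry posted in the thread.

```python
import re

# Assigned values, a subset of the RFC 3961 section 8 table cited in the thread.
RFC3961_ETYPES = {
    1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1-kd", 23: "rc4-hmac",
    17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 24: "rc4-hmac-exp",
}
# Private-use values from the ntsecapi.h excerpt above (KERB_ETYPE_ prefix dropped).
MS_PRIVATE_ETYPES = {
    -128: "RC4_MD4", -129: "RC4_PLAIN2", -130: "RC4_LM", -131: "RC4_SHA",
    -132: "DES_PLAIN", -133: "RC4_HMAC_OLD", -134: "RC4_PLAIN_OLD",
    -135: "RC4_HMAC_OLD_EXP", -136: "RC4_PLAIN_OLD_EXP", -140: "RC4_PLAIN",
    -141: "RC4_PLAIN_EXP",
}
REQUESTED_RE = re.compile(r"\((\d+) etypes \{([^}]*)\}\)")
ISSUED_RE = re.compile(r"etypes \{rep=\s*(-?\d+) tkt=\s*(-?\d+) ses=\s*(-?\d+)\}")

def etype_name(n):
    """Translate one etype number; unlisted values are reported, not guessed."""
    if n in RFC3961_ETYPES:
        return RFC3961_ETYPES[n]
    if n in MS_PRIVATE_ETYPES:
        return "KERB_ETYPE_" + MS_PRIVATE_ETYPES[n] + " (private use)"
    return "unlisted private-use value" if n < 0 else "not in this table"

def parse_kdc_line(line):
    """Return the requested and issued etypes from one request log entry."""
    line = " ".join(line.split())        # undo mail/syslog line wrapping
    req = REQUESTED_RE.search(line)
    if req is None:
        return None                      # no client etype list in this entry
    issued = ISSUED_RE.search(line)      # None if there is no rep/tkt/ses block
    return {
        "declared_count": int(req.group(1)),
        "requested": [int(t) for t in re.findall(r"-?\d+", req.group(2))],
        "issued": issued and dict(zip(("rep", "tkt", "ses"), map(int, issued.groups()))),
    }

def issued_with_rc4(entry):
    """True only if reply, ticket and session key all use etype 23 (rc4-hmac)."""
    return bool(entry and entry["issued"]) and set(entry["issued"].values()) == {23}

# The entry from the original post, mail line wrapping included.
SAMPLE = (
    "Jul 17 11:19:57 rh01.mit.contoso.com krb5kdc[1864](info): TGS_REQ (7\n"
    "etypes {23 -133 -128 3 1 24 -135}) 192.168.15.103: ISSUE: authtime\n"
    "1153149597, etypes {rep=\n23 tkt=23 ses=23}, jdoe@MIT.CONTOSO.COM for\n"
    "krbtgt/MIT.CONTOSO.COM@MIT.CONTOSO.COM"
)
```

Calling `parse_kdc_line(SAMPLE)` and mapping `etype_name` over the `requested` list shows the client offering rc4-hmac first, followed by two of the private-use values, while `issued_with_rc4` confirms all three issued etypes are 23.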

  7. Re: Need help interpreting krb5kdc log file, specifically etypes

    On Jul 18, 2006, at 13:36, Jeffrey Altman wrote:
    > Negative values are reserved for private use by implementers.


    "Negative values are for private use; local and experimental
    algorithms should use these values."
    Not quite the same thing.

    Ken
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  8. Re: Need help interpreting krb5kdc log file, specifically etypes



    On Tuesday, July 18, 2006 02:47:07 PM -0400 Ken Raeburn
    wrote:

    > On Jul 18, 2006, at 13:36, Jeffrey Altman wrote:
    >> Negative values are reserved for private use by implementers.

    >
    > "Negative values are for private use; local and experimental
    > algorithms should use these values."
    > Not quite the same thing.


    Right. These are "private use", which means their meaning is determined by
    prior agreement between peers. It's OK for an implementation to use negative
    values internally (for example, heimdal uses a single internal crypto API
    for both RFC3961 enctypes and direct access to raw ciphers and hashes; the
    latter are identified within the API by private-use values), but they
    should never appear on the wire except in circumstances where the local
    administrator has defined their meaning.


    Until fairly recently, DHCP had a major problem with vendors "stealing"
    private-use option codes which were intended to have locally-defined
    meanings and assigning vendor-defined meanings to them instead. I would be
    disappointed if Kerberos started to have the same sorts of problems.

    -- Jeff