leash session key type NULL - Kerberos

This is a discussion on leash session key type NULL - Kerberos ; I am using leash 2.5 and when I import tickets from the MS cache I get for some users a session key type of NULL whereas the ticket encryption type is RC4-HMAC-NT. When I use get tickets with username/password I ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: leash session key type NULL

  1. leash session key type NULL

    I am using leash 2.5 and when I import tickets from the MS cache I get for
    some users a session key type of NULL whereas the ticket encryption type is
    RC4-HMAC-NT. When I use get tickets with username/password I get the
    corrrect session key type of RC4-HMAC-NT. Does anybody know why ? I am
    running on Win XP with a w2k3 kdc.

    Thanks
    Markus



  2. Re: leash session key type NULL

    Markus Moeller wrote:
    > I am using leash 2.5 and when I import tickets from the MS cache I get for
    > some users a session key type of NULL whereas the ticket encryption type is
    > RC4-HMAC-NT. When I use get tickets with username/password I get the
    > corrrect session key type of RC4-HMAC-NT. Does anybody know why ? I am
    > running on Win XP with a w2k3 kdc.
    >
    > Thanks
    > Markus


    Markus:

    KfW 2.5 is quite old and there are a number of bugs in the MSLSA support
    that you problem don't want to be dealing with. I suggest you replace
    it with the KFW 2.6.5 release.

    One of the things that the later KFW releases do is set the magic
    registry key that will allow the LSA to export the TGT session key.
    When the exportation of the key is blocked, the key type is reported as
    NULL.

    For details see:

    http://web.mit.edu/kerberos/kfw-2.6/...tes.html#mslsa

    Jeffrey Altman



  3. RE: leash session key type NULL

    You need to set the AllowTGTSessionKey registry setting if you want to
    see the Session Key etype, otherwise it will be shown as 0.

    Thanks,
    Tim

    -----Original Message-----
    From: kerberos-bounces@MIT.EDU [mailto:kerberos-bounces@MIT.EDU] On
    Behalf Of Markus Moeller
    Sent: 18 September 2006 14:37
    To: kerberos@MIT.EDU
    Subject: leash session key type NULL

    I am using leash 2.5 and when I import tickets from the MS cache I get
    for
    some users a session key type of NULL whereas the ticket encryption type
    is
    RC4-HMAC-NT. When I use get tickets with username/password I get the
    corrrect session key type of RC4-HMAC-NT. Does anybody know why ? I am

    running on Win XP with a w2k3 kdc.

    Thanks
    Markus


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  4. Re: leash session key type NULL

    I thought I had the registry setting done, but I didn't.

    Thanks
    Markus

    "Jeffrey Altman" wrote in message
    news:450EA679.9030507@nyc.rr.com...
    > Markus Moeller wrote:
    >> I am using leash 2.5 and when I import tickets from the MS cache I get
    >> for
    >> some users a session key type of NULL whereas the ticket encryption type
    >> is
    >> RC4-HMAC-NT. When I use get tickets with username/password I get the
    >> corrrect session key type of RC4-HMAC-NT. Does anybody know why ? I am
    >> running on Win XP with a w2k3 kdc.
    >>
    >> Thanks
    >> Markus

    >
    > Markus:
    >
    > KfW 2.5 is quite old and there are a number of bugs in the MSLSA support
    > that you problem don't want to be dealing with. I suggest you replace
    > it with the KFW 2.6.5 release.
    >
    > One of the things that the later KFW releases do is set the magic
    > registry key that will allow the LSA to export the TGT session key.
    > When the exportation of the key is blocked, the key type is reported as
    > NULL.
    >
    > For details see:
    >
    > http://web.mit.edu/kerberos/kfw-2.6/...tes.html#mslsa
    >
    > Jeffrey Altman
    >
    >




+ Reply to Thread