When using the MIT Kebreros gss-client program to initiate an RC4 resource, my acceptor implementation (custom, not sun Java) fails to unwrap() because the MITK initiator is using the session key instead of the subkey. My initiator unconditionally uses the subkey which works with gss-server (and the Windows SSPI initiator or acceptor.
Presumably I'm screwing up some flag during the AP-REQ/REP exchange. Unfortunately running gss-client with the -pass option results in PREAUTH_FAILED whereas without gdb it strangely works. Where does the MITK initiator select the session key vs the subkey? Bonus question: Is there a trick to getting gdb to work with gss-client -pass? Mike PS: Yes, RC4 is discontinued but I decided to support it so it needs to work 100%. -- Michael B Allen Java AD DS Integration https://www.ioplex.com/ <http://www.ioplex.com/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
