Bug 13131 - S4U2Proxy requests with encrypted authorization-data are rejected by a Samba KDC
Summary: S4U2Proxy requests with encrypted authorization-data are rejected by a Samba KDC
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.7.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-14 14:59 UTC by Stefan Metzmacher
Modified: 2022-03-25 11:14 UTC (History)
3 users (show)

See Also:


Attachments
Work in progress patches (8.31 KB, patch)
2017-12-13 12:37 UTC, Stefan Metzmacher
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2017-11-14 14:59:56 UTC
Modern Windows versions send encrypted authorization-data a long with
TGS requests.

If this is combined with S4U2Proxy requests a Samba (heimdal based) KDC
is unable to decrypt the authorization data from the client.
Comment 1 Stefan Metzmacher 2017-12-13 12:37:56 UTC
Created attachment 13863 [details]
Work in progress patches
Comment 2 Stefan Metzmacher 2022-03-25 11:14:54 UTC
Comment on attachment 13863 [details]
Work in progress patches

The current pathes are on https://gitlab.com/samba-team/samba/-/merge_requests/2458