13131 – S4U2Proxy requests with encrypted authorization-data are rejected by a Samba KDC

Bug 13131 - S4U2Proxy requests with encrypted authorization-data are rejected by a Samba KDC

Summary: S4U2Proxy requests with encrypted authorization-data are rejected by a Samba KDC

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.7.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Stefan Metzmacher
QA Contact:	Samba QA Contact

URL:	https://gitlab.com/samba-team/samba/-...
Keywords:

Depends on:
Blocks:

Reported:	2017-11-14 14:59 UTC by Stefan Metzmacher
Modified:	2022-03-25 11:14 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Work in progress patches (8.31 KB, patch) 2017-12-13 12:37 UTC, Stefan Metzmacher	no flags	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2017-11-14 14:59:56 UTC

Modern Windows versions send encrypted authorization-data a long with
TGS requests.

If this is combined with S4U2Proxy requests a Samba (heimdal based) KDC
is unable to decrypt the authorization data from the client.

Comment 1 Stefan Metzmacher 2017-12-13 12:37:56 UTC

Created attachment 13863 [details]
Work in progress patches

Comment 2 Stefan Metzmacher 2022-03-25 11:14:54 UTC

Comment on attachment 13863 [details]
Work in progress patches

The current pathes are on https://gitlab.com/samba-team/samba/-/merge_requests/2458