Bug 14864 - Heimdal prefers RC4 over AES for machine accounts
Summary: Heimdal prefers RC4 over AES for machine accounts
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.15.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Depends on:
Reported: 2021-10-14 02:56 UTC by Jo Sutton
Modified: 2023-06-30 03:03 UTC (History)
4 users (show)

See Also:

don't prefer RC4 for service tickets (2.23 KB, patch)
2021-10-20 20:52 UTC, Andrew Bartlett
no flags Details
patch backported to 4.15 (only) (3.38 KB, patch)
2021-10-20 21:25 UTC, Andrew Bartlett
jsutton: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Jo Sutton 2021-10-14 02:56:01 UTC
For the PREAUTH_REQUIRED error reply, when there is a choice of keys available, Heimdal prefers keys that use the default salt. This is meant for interoperability with older clients that ignore the returned salt value. For machine accounts, which use a different algorithm to calculate the salt string, this means that RC4, which does not use a salt, is preferred over AES. Preferring keys with the default salt should only be considered for older encryption types such as DES.
Comment 1 Samba QA Contact 2021-10-14 19:52:05 UTC
This bug was referenced in samba master:

Comment 2 Andrew Bartlett 2021-10-20 20:52:19 UTC
Created attachment 16861 [details]
don't prefer RC4 for service tickets

This impacts the checksum type used to sign a PAC and encrypt service tickets.

Changing this is a behaviour change and a breaking one at points due to needing to assert the target service knew the salt correctly.

When we get to the point of needing to agressivly kill RC4 we will want to look at using this.
Comment 3 Andrew Bartlett 2021-10-20 21:25:28 UTC
Created attachment 16862 [details]
patch backported to 4.15 (only)

This patch addresses the regression seen on the list here:

Comment 4 Andrew Bartlett 2021-10-21 00:08:06 UTC
Assigning to Jule for the backport to 4.15.next

Comment 5 Samba QA Contact 2021-10-22 08:55:14 UTC
This bug was referenced in samba v4-15-test:

Comment 6 Jule Anger 2021-10-22 09:09:13 UTC
Closing out bug report.

Comment 7 Samba QA Contact 2021-10-27 13:11:48 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.1):

Comment 8 Stefan Metzmacher 2021-10-28 13:20:00 UTC
Andrew, should we backport this to 4.14?
Comment 9 Andrew Bartlett 2021-10-28 17:02:14 UTC
This is not required except in Samba 4.15 unless b3ee034b4d457607ef25a5b01da64e1eaf5906dd is backported as:

-	kdc_config->preauth_use_strongest_session_key = false;
+	kdc_config->preauth_use_strongest_session_key = true;

Triggers a buggy codepath in Heimdal where the AES key for machine accounts is not preferred.