For the PREAUTH_REQUIRED error reply, when there is a choice of keys available, Heimdal prefers keys that use the default salt. This is meant for interoperability with older clients that ignore the returned salt value. For machine accounts, which use a different algorithm to calculate the salt string, this means that RC4, which does not use a salt, is preferred over AES. Preferring keys with the default salt should only be considered for older encryption types such as DES.
This bug was referenced in samba master:
Created attachment 16861 [details]
don't prefer RC4 for service tickets
This impacts the checksum type used to sign a PAC and encrypt service tickets.
Changing this is a behaviour change and a breaking one at points due to needing to assert the target service knew the salt correctly.
When we get to the point of needing to agressivly kill RC4 we will want to look at using this.
Created attachment 16862 [details]
patch backported to 4.15 (only)
This patch addresses the regression seen on the list here:
Assigning to Jule for the backport to 4.15.next
This bug was referenced in samba v4-15-test:
Closing out bug report.
This bug was referenced in samba v4-15-stable (Release samba-4.15.1):
Andrew, should we backport this to 4.14?
This is not required except in Samba 4.15 unless b3ee034b4d457607ef25a5b01da64e1eaf5906dd is backported as:
- kdc_config->preauth_use_strongest_session_key = false;
+ kdc_config->preauth_use_strongest_session_key = true;
Triggers a buggy codepath in Heimdal where the AES key for machine accounts is not preferred.