For the PREAUTH_REQUIRED error reply, when there is a choice of keys available, Heimdal prefers keys that use the default salt. This is meant for interoperability with older clients that ignore the returned salt value. For machine accounts, which use a different algorithm to calculate the salt string, this means that RC4, which does not use a salt, is preferred over AES. Preferring keys with the default salt should only be considered for older encryption types such as DES.
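As an added illustration (not Heimdal or Samba code), the model below contrasts the key ordering described above with one that applies the default-salt preference only to DES-class keys. The etype numbers are the standard RFC 3961/3962/4757 values; the strength ranking, the machine-account salt string and the principal names are constructed for the example.

```python
# Added example, not Heimdal/Samba code: models PREAUTH_REQUIRED key selection.
from dataclasses import dataclass
from typing import List, Optional

# Standard enctype numbers (RFC 3961, RFC 3962, RFC 4757)
ETYPE_DES_CBC_MD5 = 3
ETYPE_AES256_CTS_HMAC_SHA1_96 = 18
ETYPE_RC4_HMAC = 23

# Assumed preference order, strongest first
STRENGTH = {ETYPE_AES256_CTS_HMAC_SHA1_96: 3, ETYPE_RC4_HMAC: 2, ETYPE_DES_CBC_MD5: 1}


@dataclass
class Key:
    etype: int
    salt: Optional[str]  # None for RC4-HMAC, which derives its key without a salt


def default_salt(principal: str, realm: str) -> str:
    """RFC 4120 default salt: realm followed by the principal's name components."""
    return realm + principal.replace("/", "")


def has_default_salt(key: Key, principal: str, realm: str) -> bool:
    # An unsalted key (RC4) never contradicts the default salt, so it sorts as "default".
    return key.salt is None or key.salt == default_salt(principal, realm)


def pick_key_buggy(keys: List[Key], principal: str, realm: str) -> Key:
    # Buggy ordering from the report: default-salt keys first, strength second.
    # A machine account's AES key carries a non-default salt, so RC4 wins.
    return max(keys, key=lambda k: (has_default_salt(k, principal, realm), STRENGTH[k.etype]))


def pick_key_fixed(keys: List[Key], principal: str, realm: str) -> Key:
    # Corrected ordering: strength first; the default-salt tie-break only
    # matters for DES-class keys (old clients that ignore the returned salt).
    def rank(k: Key):
        is_weak = STRENGTH[k.etype] <= STRENGTH[ETYPE_DES_CBC_MD5]
        return (STRENGTH[k.etype], is_weak and has_default_salt(k, principal, realm))
    return max(keys, key=rank)


# Constructed sample: a machine account whose AES salt is not the RFC 4120 default
MACHINE_KEYS = [
    Key(ETYPE_AES256_CTS_HMAC_SHA1_96, "EXAMPLE.COMhostmyhost.example.com"),
    Key(ETYPE_RC4_HMAC, None),
]
```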
This bug was referenced in samba master: 8e1efd8bd3bf698dc0b6ed2081919f49b1412b53
Created attachment 16861: don't prefer RC4 for service tickets. This impacts the checksum type used to sign a PAC and encrypt service tickets. Changing this is a behaviour change and a breaking one at points due to needing to assert the target service knew the salt correctly. When we get to the point of needing to aggressively kill RC4 we will want to look at using this.
Created attachment 16862: patch backported to 4.15 (only). This patch addresses the regression seen on the list here: https://lists.samba.org/archive/samba/2021-October/237844.html
Assigning to Jule for the backport to 4.15.next Thanks!
This bug was referenced in samba v4-15-test: be8fb0218af1a1529cd7a349a57a11dbfaeb7368
Closing out bug report. Thanks!
This bug was referenced in samba v4-15-stable (Release samba-4.15.1): be8fb0218af1a1529cd7a349a57a11dbfaeb7368
Andrew, should we backport this to 4.14?
This is not required except in Samba 4.15 unless b3ee034b4d457607ef25a5b01da64e1eaf5906dd is backported as:
- kdc_config->preauth_use_strongest_session_key = false;
+ kdc_config->preauth_use_strongest_session_key = true;
Triggers a buggy codepath in Heimdal where the AES key for machine accounts is not preferred.