Bug 15219 - Heimdal session key selection in AS-REQ examines wrong entry
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.15.10
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Blocks: 15237
Reported: 2022-11-01 02:07 UTC by Andrew Bartlett
Modified: 2022-11-16 20:59 UTC
Description Andrew Bartlett 2022-11-01 02:07:01 UTC
Heimdal tries to find the intersection of the client-specified encryption types in the AS-REQ vs the target server (typically the krbtgt account)'s supported encryption types to create a session key.

However, Heimdal historically has examined only the AS-REQ specified encryption types vs the keys stored by the user on the account (which really should only matter for a password-based AS-REQ like ENC-TIMESTAMP).
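
A simplified model of the two selection rules described in the report above, added here as an illustration (it is not Heimdal or Samba code and not part of the original report). The function names, the first-match-in-client-order rule and the sample accounts are assumptions constructed for the example.

```python
# Simplified model of AS-REQ session key etype selection (added example,
# not Heimdal or Samba code). Etype numbers are the assigned Kerberos values.
AES256, AES128, RC4 = 18, 17, 23
NAMES = {AES256: "aes256-cts-hmac-sha1-96",
         AES128: "aes128-cts-hmac-sha1-96",
         RC4: "rc4-hmac"}

def first_common(requested, allowed):
    """First etype in the client's AS-REQ list that is also in `allowed`.
    Assumption: ties are resolved in the client's preference order."""
    for etype in requested:
        if etype in allowed:
            return etype
    return None

def intended_session_etype(req_etypes, client_keys, server_supported):
    # Rule the report describes as intended: AS-REQ etypes vs. the etypes
    # supported by the target server (typically krbtgt).
    return first_common(req_etypes, server_supported)

def historical_session_etype(req_etypes, client_keys, server_supported):
    # Rule the report describes as historical: AS-REQ etypes vs. the keys
    # stored on the client's own account.
    return first_common(req_etypes, client_keys)

def compare(cases):
    """Return (name, intended, historical, server_can_use_historical) per case."""
    rows = []
    for name, req, client_keys, server_supported in cases:
        want = intended_session_etype(req, client_keys, server_supported)
        got = historical_session_etype(req, client_keys, server_supported)
        rows.append((name, want, got, got in server_supported))
    return rows

# Constructed sample accounts: (label, AS-REQ etypes, client keys, server etypes)
CASES = [
    ("client stores only RC4, krbtgt supports AES",
     [AES256, AES128, RC4], {RC4}, {AES256, AES128, RC4}),
    ("client stores AES, target supports only RC4",
     [AES256, RC4], {AES256, RC4}, {RC4}),
    ("client and target key sets agree",
     [AES256, RC4], {AES256, RC4}, {AES256, RC4}),
]

if __name__ == "__main__":
    for name, want, got, usable in compare(CASES):
        print(f"{name}: intended={NAMES.get(want)} historical={NAMES.get(got)} "
              f"usable_by_server={usable}")
```

The first case shows the session key being weakened to RC4 even though both the client request and the target allow AES; the second shows a session key etype chosen that the target does not support.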