Benoit Branciard

Results 2 comments of Benoit Branciard

KDC: TGS-REQ problem with Windows 11 22H2 client

Requesting tickets with "unlimited" lifetime is not so uncommon. Heimdal's own "kgetcred" and Samba's "smbclient" commands both issue TGS-REQ with a "till" set to 19700101000000Z, which is assumed as MAX_TIME...

KDC: TGS-REQ problem with Windows 11 22H2 client

According to our investigations, the "Failed to verify authenticator checksum" bug is directly related to the ASN1_MAX_YEAR limitation in _der_gmtime from lib/asn1/timegm.c. To verify checksum, the parsed req-body is first...