Steve Syfuhs
Steve Syfuhs
We have a bug tracking the request to change these values. It hasn't been a high priority unfortunately. https://github.com/dotnet/Kerberos.NET/issues/148
Also, interestingly we must have hit this basic issue in the past because we already have a way to handle this automatically. Hmm. https://github.com/dotnet/Kerberos.NET/blob/df33af4cbb33ce6fdc81050f30295c39e30e4060/Kerberos.NET/Client/KerberosClient.cs#L407-L412
Oh, yes, definitely.
The CName field is a function of the credential you're using: https://github.com/dotnet/Kerberos.NET/blob/68282664b52d531c89d93e66228d24a6e9d24302/Kerberos.NET/Entities/Krb/KrbAsReq.cs#L135-L149 And the logic for that is somewhat complicated, but can be forced by setting the name type explicitly:...
There is no Linux implementation of MD4. It pinvokes Windows APIs only. You shouldn't be using the RC4/MD4 suite for anything anyway. Your app should be configured to use AES...
This isn't likely a bug in the library. The server isn't accepting the ticket, but you aren't showing why the server isn't accepting it. Logs from the server would be...
Alright, let's see: Chrome:  Kerberos.NET  There's a noticeable difference in the structure because the top-level structures are encoded differently. You can see the differences in the bold headers....
Okay, the difference in decoding is a bug in Bruce itself, not the library.  This shows it's decoding correctly. > the SNAME is different too: > for Chrome is...
That's what `EncodeGssApi` does. Poorly named, but does the business correctly. ```csharp public ReadOnlyMemory EncodeGssApi() { var token = GssApiToken.Encode(Kerberos5Oid, this); var negoToken = new NegotiationToken { InitialToken = new...
Although... the KVNO on both the chrome and kerb.net tickets are the same, which given that it's non-zero would suggest they're the same service principal too. Are you seeing anything...