Kerberos.NET

Version of tickets

Open Zubastic opened this issue 5 years ago • 2 comments

Is your feature request related to a problem? Please describe. https://github.com/dotnet/Kerberos.NET/issues/180

Problem with different versions of the token and keytab file. So if the token version is greater than the keytab version, we shouldn't try to decrypt and could just throw an error, couldn't we?

Describe the solution you'd like: Check the version and return an Invalid checksum error.

Zubastic, Oct 26 '20 16:10

You mean the kvno in the ticket encrypted data? There's no guarantee it'll be present, or match what's in the keytab unfortunately. In most cases the keytab version doesn't have knowledge of the version stored in the directory so it wouldn't make sense to compare.

SteveSyfuhs, Oct 26 '20 16:10

> You mean the kvno in the ticket encrypted data? There's no guarantee it'll be present, or match what's in the keytab unfortunately. In most cases the keytab version doesn't have knowledge of the version stored in the directory so it wouldn't make sense to compare.

I got invalid checksum version multiple times, and every time the kvno and keytab version didn't match :( Now I check it with KerbDump (KerbDumpCore fails with an invalid checksum error). Maybe log a warning?

Zubastic, Oct 26 '20 17:10
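
The trade-off discussed in this thread, as an added example that is not part of the issue and is not Kerberos.NET's own code: the ticket's kvno is treated as a hint for ordering keytab keys, and a mismatch produces a log warning instead of an early rejection. `KeytabEntry`, `KeySelector`, `OrderCandidates` and the sample keytab values are hypothetical names and constructed data.

```csharp
// Added illustration: KeytabEntry and KeySelector are hypothetical, not Kerberos.NET types.
using System;
using System.Collections.Generic;
using System.Linq;

public record KeytabEntry(int EType, int Kvno);

public static class KeySelector
{
    // ticketKvno is null when the ticket's encrypted part carries no kvno.
    public static List<KeytabEntry> OrderCandidates(
        IEnumerable<KeytabEntry> keytab, int etype, int? ticketKvno, Action<string> warn)
    {
        var sameEtype = keytab.Where(e => e.EType == etype).ToList();
        if (sameEtype.Count == 0)
        {
            warn($"keytab has no key for etype {etype}");
            return sameEtype;
        }
        if (ticketKvno is int kvno && !sameEtype.Any(e => e.Kvno == kvno))
        {
            // Hint only: keep going, but make the likely cause visible in the log.
            var have = string.Join(",", sameEtype.Select(e => e.Kvno));
            warn($"ticket kvno {kvno} not in keytab (has {have}); a later decrypt failure may mean a stale keytab");
        }
        // Exact kvno match first (none when kvno is absent), then newest first.
        return sameEtype
            .OrderByDescending(e => e.Kvno == ticketKvno)
            .ThenByDescending(e => e.Kvno)
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample keytab: two key versions for etype 18, one for etype 23.
        var keytab = new[] { new KeytabEntry(18, 3), new KeytabEntry(18, 2), new KeytabEntry(23, 3) };
        foreach (int? kvno in new int?[] { 2, 5, null })
        {
            var order = KeySelector.OrderCandidates(keytab, 18, kvno, m => Console.WriteLine("WARN: " + m));
            var label = kvno.HasValue ? kvno.Value.ToString() : "absent";
            Console.WriteLine($"ticket kvno={label} -> try kvno {string.Join(", ", order.Select(e => e.Kvno))}");
        }
    }
}
```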