
When adding a new principal in KDC with a password, keys are generated with a salt and an optional parameter known as s2kparams (string-to-key parameters). s2kparams is defined for AES etypes and is useless for DES, DES3 and RC4. Although Java has supported AES for a long time, it has never supported KDC-provided s2kparams. If the KDC sends out a PA-DATA with a non-null s2kparams, the whole PA-DATA (including the salt) will be ignored.

In most cases, users would not notice a problem because the default salt and s2kparams are used. However, if a KDC decides to create a new principal with a non-default salt or s2kparams, a Java Kerberos client would fail at login, because it cannot generate the correct key to decrypt the KDC's response.

For the new aes-sha2 etypes defined in RFC 8009, there will be no default salt value (the salt always has a random part), so the login will always fail. It's better to fix this bug before we support these new etypes.
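To make the failure concrete, here is an added Python sketch (not JDK code) of the RFC 3962 string-to-key PBKDF2 stage with s2kparams handling, plus a switch that reproduces the "drop the whole entry" behaviour described above; the etype numbers, the 4096-iteration default and the "password"/"ATHENA.MIT.EDUraeburn" vector come from RFC 3962, while the KDC entry with its random salt part is constructed. The final DK(tkey, "kerberos") step, which needs AES-CTS, is left out.

```python
import hashlib
from typing import Optional, Tuple

# RFC 3962 etype numbers -> PBKDF2 output length (only AES etypes take s2kparams)
AES_KEY_BYTES = {17: 16, 18: 32}   # aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
DEFAULT_ITERATIONS = 4096          # RFC 3962 default when the KDC sends no s2kparams


def parse_s2kparams(s2kparams: Optional[bytes]) -> int:
    """s2kparams for AES etypes is exactly four octets: a big-endian unsigned
    iteration count. Absent -> 4096; 0x00000000 means 2**32 per RFC 3962."""
    if s2kparams is None:
        return DEFAULT_ITERATIONS
    if len(s2kparams) != 4:
        raise ValueError("AES s2kparams must be exactly 4 octets")
    count = int.from_bytes(s2kparams, "big")
    return count if count else 2 ** 32


def pbkdf2_stage(password: str, salt: str, etype: int,
                 s2kparams: Optional[bytes] = None) -> bytes:
    """First stage of RFC 3962 string-to-key: PBKDF2-HMAC-SHA1(password, salt,
    iterations, keylength). The AES key proper would be DK(result, "kerberos")."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                               salt.encode("utf-8"), parse_s2kparams(s2kparams),
                               AES_KEY_BYTES[etype])


# Simplified PA-ETYPE-INFO2 entry: (etype, salt or None, s2kparams or None)
EtypeInfo2 = Tuple[int, Optional[str], Optional[bytes]]


def client_key(password: str, default_salt: str, entry: EtypeInfo2,
               honor_s2kparams: bool) -> bytes:
    """Derive the client-side key from the KDC's ETYPE-INFO2 entry.
    honor_s2kparams=False reproduces the bug: a non-null s2kparams makes the
    client discard the whole entry, salt included, and fall back to defaults."""
    etype, salt, s2kparams = entry
    if s2kparams is not None and not honor_s2kparams:
        salt, s2kparams = None, None
    return pbkdf2_stage(password, salt if salt is not None else default_salt,
                        etype, s2kparams)


if __name__ == "__main__":
    # Constructed: a principal created with a non-default salt and explicit iterations
    kdc_entry = (17, "ATHENA.MIT.EDUrandom-salt-part", b"\x00\x00\x10\x00")
    kdc_key = pbkdf2_stage("password", kdc_entry[1], 17, kdc_entry[2])
    for honor in (False, True):
        ok = client_key("password", "ATHENA.MIT.EDUraeburn", kdc_entry, honor) == kdc_key
        print(f"honor_s2kparams={honor}: key matches KDC -> {ok}")
```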