TGS-REP TICKET decrypting problem

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

TGS-REP TICKET decrypting problem

somenath saha
HI,


    I'm facing a problem while decrypting enc-part of the ticket in TGS_REP
message.  While decrypting the ticket in TGS_REP message (with
KRB5_KEYUSAGE_KDC_REP_TICKET), I am getting an error message
KRB_AP_ERR_BAD_INTEGRITY though I have able to decrypt the enc-part of
AS_REP message using the same Server Secret Key. I am using
*krb5_c_decrypt()* API for decryption. I am using aes256-cts-hmac-sha1-96
enc-type. Please suggest me what to do in order to decrypt the ticket
enc-part.


Regards,

somenath
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: TGS-REP TICKET decrypting problem

Greg Hudson
On 04/25/2014 05:18 AM, somenath saha wrote:
>     I'm facing a problem while decrypting enc-part of the ticket in TGS_REP
> message.  While decrypting the ticket in TGS_REP message (with
> KRB5_KEYUSAGE_KDC_REP_TICKET), I am getting an error message
> KRB_AP_ERR_BAD_INTEGRITY though I have able to decrypt the enc-part of
> AS_REP message using the same Server Secret Key.

I wasn't able to tell from this description what might be going wrong.
A ticket should be decryptable with the server's key whether it came
from an AS reply or a TGS reply.  Make sure the ticket in the TGS reply
is for the same server and is using the same kvno and enctype.
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev